Fix dependency audit failure (#14114)

The Yarn resolution for `node-forge` has been updated to use a more recent version of the library that includes fixes for the vulnerabilities currently causing our audit job to fail. This update should include no breaking changes.
3 years ago · 150a9e9c8e
parent 62024d0ef0
commit 150a9e9c8e
2 changed files with 6 additions and 6 deletions
--- a/package.json
+++ b/package.json
@ -88,8 +88,8 @@
    "3box/ipfs/ipld-zcash/zcash-bitcore-lib/elliptic": "^6.5.4",
    "3box/ipfs/libp2p-mdns/multicast-dns/dns-packet": "^5.2.2",
    "3box/ipfs/prometheus-gc-stats/gc-stats/node-pre-gyp/tar": "^6.1.2",
-    "3box/**/libp2p-crypto/node-forge": "^1.0.0",
-    "3box/**/libp2p-keychain/node-forge": "^1.0.0",
+    "3box/**/libp2p-crypto/node-forge": "^1.3.0",
+    "3box/**/libp2p-keychain/node-forge": "^1.3.0",
    "3box/ipfs/libp2p-webrtc-star/socket.io/engine.io": "^4.0.0",
    "analytics-node/axios": "^0.21.2",
    "ganache-core/lodash": "^4.17.21",
--- a/yarn.lock
+++ b/yarn.lock
@ -19806,10 +19806,10 @@ node-fetch@2.6.7, node-fetch@^2.3.0, node-fetch@^2.6.0, node-fetch@^2.6.1, node-
  dependencies:
    whatwg-url "^5.0.0"

-node-forge@^0.7.1, node-forge@^0.7.5, node-forge@^1.0.0, node-forge@^1.2.1, node-forge@~0.7.6:
-  version "1.2.1"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.2.1.tgz#82794919071ef2eb5c509293325cec8afd0fd53c"
-  integrity sha512-Fcvtbb+zBcZXbTTVwqGA5W+MKBj56UjVRevvchv5XrcyXbmNdesfZL37nlcWOfpgHhgmxApw3tQbTr4CqNmX4w==
+node-forge@^0.7.1, node-forge@^0.7.5, node-forge@^1.2.1, node-forge@^1.3.0, node-forge@~0.7.6:
+  version "1.3.0"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.0.tgz#37a874ea723855f37db091e6c186e5b67a01d4b2"
+  integrity sha512-08ARB91bUi6zNKzVmaj3QO7cr397uiDT2nJ63cHjyNtCTWIgvS47j3eT0WfzUwS9+6Z5YshRaoasFkXCKrIYbA==

 node-gyp-build@4.3.0, node-gyp-build@^4.2.0, node-gyp-build@^4.2.2, node-gyp-build@^4.2.3, node-gyp-build@^4.3.0:
  version "4.3.0"