Fix node-fetch, node-forge sec vulns (#1530)

Summary: You know the drill. Pull Request resolved: https://github.com/facebook/flipper/pull/1530 Test Plan: Checked that `yarn.lock` references the respective new versions. Reviewed By: nikoant Differential Revision: D23733338 Pulled By: passy fbshipit-source-id: abf9812b977542a8b297b88ea16c7c01a062898b
2020-09-17 05:01:49 -07:00
parent 48ac2df956
commit 2fbd5f6576
8 changed files with 28 additions and 54 deletions
--- a/website/package.json
+++ b/website/package.json
@@ -27,6 +27,7 @@
  "resolutions": {
    "minimist": "1.2.3",
    "kind-of": "6.0.3",
-    "serialize-javascript": "^3.1.0"
+    "serialize-javascript": "^3.1.0",
+    "node-forge": "^0.10.0"
  }
 }
--- a/website/yarn.lock
+++ b/website/yarn.lock
@@ -7185,10 +7185,10 @@ node-emoji@^1.10.0:
  dependencies:
    lodash.toarray "^4.4.0"

-node-forge@0.9.0:
-  version "0.9.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.9.0.tgz#d624050edbb44874adca12bb9a52ec63cb782579"
-  integrity sha512-7ASaDa3pD+lJ3WvXFsxekJQelBKRpne+GOVbLbtHYdd7pFspyeuJHnWfLplGf3SwKGbfs/aYl5V/JCIaHVUKKQ==
+node-forge@0.9.0, node-forge@^0.10.0:
+  version "0.10.0"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
+  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==

 node-libs-browser@^2.2.1:
  version "2.2.1"