Skip to content

Commit 291e6d1

Browse files
donkahndonkahn
committed
Use yarn selective resolution to address sub dep security issues
1 parent 8c51683 commit 291e6d1

File tree

2 files changed

+19
-20
lines changed

2 files changed

+19
-20
lines changed

package.json

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,11 @@
1010
"react-dom": "^16.13.1",
1111
"react-scripts": "^3.4.1"
1212
},
13+
"resolutions": {
14+
"set-value": "^2.0.1",
15+
"mixin-deep": "^1.3.2",
16+
"lodash.template": "4.5.0"
17+
},
1318
"scripts": {
1419
"start": "react-scripts start",
1520
"build": "react-scripts build",

yarn.lock

Lines changed: 14 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -6719,7 +6719,7 @@ locate-path@^5.0.0:
67196719
dependencies:
67206720
p-locate "^4.1.0"
67216721

6722-
lodash._reinterpolate@~3.0.0:
6722+
lodash._reinterpolate@^3.0.0, lodash._reinterpolate@~3.0.0:
67236723
version "3.0.0"
67246724
resolved "https://registry.yarnpkg.com/lodash._reinterpolate/-/lodash._reinterpolate-3.0.0.tgz#0ccf2d89166af03b3663c796538b75ac6e114d9d"
67256725

@@ -6735,11 +6735,12 @@ lodash.sortby@^4.7.0:
67356735
version "4.7.0"
67366736
resolved "https://registry.yarnpkg.com/lodash.sortby/-/lodash.sortby-4.7.0.tgz#edd14c824e2cc9c1e0b0a1b42bb5210516a42438"
67376737

6738-
lodash.template@^4.2.4, lodash.template@^4.4.0:
6739-
version "4.4.0"
6740-
resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.4.0.tgz#e73a0385c8355591746e020b99679c690e68fba0"
6738+
lodash.template@4.5.0, lodash.template@^4.2.4, lodash.template@^4.4.0:
6739+
version "4.5.0"
6740+
resolved "https://registry.yarnpkg.com/lodash.template/-/lodash.template-4.5.0.tgz#f976195cf3f347d0d5f52483569fe8031ccce8ab"
6741+
integrity sha512-84vYFxIkmidUiFxidA/KjjH9pAycqW+h980j7Fuz5qxRtO9pgB7MDFTdys1N7A5mcucRiDyEq4fusljItR1T/A==
67416742
dependencies:
6742-
lodash._reinterpolate "~3.0.0"
6743+
lodash._reinterpolate "^3.0.0"
67436744
lodash.templatesettings "^4.0.0"
67446745

67456746
lodash.templatesettings@^4.0.0:
@@ -7053,9 +7054,10 @@ mississippi@^3.0.0:
70537054
stream-each "^1.1.0"
70547055
through2 "^2.0.0"
70557056

7056-
mixin-deep@^1.2.0:
7057-
version "1.3.1"
7058-
resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.1.tgz#a49e7268dce1a0d9698e45326c5626df3543d0fe"
7057+
mixin-deep@^1.2.0, mixin-deep@^1.3.2:
7058+
version "1.3.2"
7059+
resolved "https://registry.yarnpkg.com/mixin-deep/-/mixin-deep-1.3.2.tgz#1120b43dc359a785dce65b55b82e257ccf479566"
7060+
integrity sha512-WRoDn//mXBiJ1H40rqa3vH0toePwSsGb45iInWlTySa+Uu4k3tYUSxa2v1KqAiLtvlrSzaExqS1gtk96A9zvEA==
70597061
dependencies:
70607062
for-in "^1.0.2"
70617063
is-extendable "^1.0.1"
@@ -9534,18 +9536,10 @@ set-blocking@^2.0.0, set-blocking@~2.0.0:
95349536
version "2.0.0"
95359537
resolved "https://registry.yarnpkg.com/set-blocking/-/set-blocking-2.0.0.tgz#045f9782d011ae9a6803ddd382b24392b3d890f7"
95369538

9537-
set-value@^0.4.3:
9538-
version "0.4.3"
9539-
resolved "https://registry.yarnpkg.com/set-value/-/set-value-0.4.3.tgz#7db08f9d3d22dc7f78e53af3c3bf4666ecdfccf1"
9540-
dependencies:
9541-
extend-shallow "^2.0.1"
9542-
is-extendable "^0.1.1"
9543-
is-plain-object "^2.0.1"
9544-
to-object-path "^0.3.0"
9545-
9546-
set-value@^2.0.0:
9547-
version "2.0.0"
9548-
resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.0.tgz#71ae4a88f0feefbbf52d1ea604f3fb315ebb6274"
9539+
set-value@^0.4.3, set-value@^2.0.0, set-value@^2.0.1:
9540+
version "2.0.1"
9541+
resolved "https://registry.yarnpkg.com/set-value/-/set-value-2.0.1.tgz#a18d40530e6f07de4228c7defe4227af8cad005b"
9542+
integrity sha512-JxHc1weCN68wRY0fhCoXpyK55m/XPHafOmK4UWD7m2CI14GMcFypt4w/0+NV5f/ZMby2F6S2wwA7fgynh9gWSw==
95499543
dependencies:
95509544
extend-shallow "^2.0.1"
95519545
is-extendable "^0.1.1"

0 commit comments

Comments
 (0)