Merge pull request microsoft#1260 from amgleitman/0.68-component-gove…

…rnance

Bring over some component governance improvements to 0.68-stable

package.json

@@ -122,6 +122,7 @@
     "react-native-gradle-plugin": "^0.0.6",
     "react-refresh": "^0.4.0",
     "react-shallow-renderer": "16.14.1",
+    "readable-stream": "^4.0.0",
     "regenerator-runtime": "^0.13.2",
     "scheduler": "^0.20.2",
     "stacktrace-parser": "^0.1.3",
@@ -181,14 +182,14 @@
   "resolutions": {
     "async": "^3.2.2",
     "es5-ext": "0.10.53",
-    "shell-quote": "^1.7.3",
-    "workspace-tools": "^0.18.4"
+    "readable-stream": "^4.0.0",
+    "shell-quote": "^1.7.3"
   },
   "_justification": {
     "async": "Versions of async prior to 3.2.2 are vulnerable to prototype pollution",
     "es5-ext": "Packages after 0.10.54 and at the moment up until 0.10.59 contain a protest message. A policy prevents us from using packages with protestware, therefore downgrading to the latest release without the message.",
-    "shell-quote": "Versions prior to 1.7.3 have an RCE vulnerability. Should be removable once we upgrade CLI tools to ^8.0.0 with RN 0.69.",
-    "workspace-tools": "Versions prior to 0.18.4 are vulnerable to command injection and prototype pollution attacks"
+    "readable-stream": "Eliminates dependency on outdated string_decoder component",
+    "shell-quote": "Versions prior to 1.7.3 have an RCE vulnerability. Should be removable once we upgrade CLI tools to ^8.0.0 with RN 0.69."
   },
   "codegenConfig": {
     "libraries": [
@@ -208,4 +209,4 @@
       }
     ]
   }
-}
+}

packages/react-native-macos-init/package.json

@@ -34,7 +34,7 @@
     "@types/semver": "^7.1.0",
     "@types/valid-url": "^1.0.2",
     "@types/yargs": "^15.0.3",
-    "beachball": "^1.27.0",
+    "beachball": "^2.25.0",
     "just-scripts": "^1.8.0",
     "typescript": "4.5.4"
   },