Bump node-forge from 0.10.0 to 1.3.1 to resolve security issue

Signed-off-by: ananzh <ananzh@amazon.com>
ananzh · Jun 22, 2023 · 0613e37 · 0613e37
1 parent 4626066
commit 0613e37
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/package.json b/package.json
@@ -110,8 +110,8 @@
     "**/merge": "^2.1.1",
     "**/minimatch": "^3.0.5",
     "**/minimist": "^1.2.5",
+    "**/node-forge": "^1.3.0",
     "**/node-jose": "^2.2.0",
-    "**/node-jose/node-forge": "^0.10.0",
     "**/normalize-url": "^4.5.1",
     "**/nth-check": "^2.0.1",
     "**/prismjs": "^1.23.0",
@@ -217,7 +217,6 @@
     "moment-timezone": "^0.5.27",
     "mustache": "^2.3.2",
     "node-fetch": "^2.6.7",
-    "node-forge": "^0.10.0",
     "p-map": "^4.0.0",
     "pegjs": "0.10.0",
     "proxy-from-env": "1.0.0",

diff --git a/yarn.lock b/yarn.lock
@@ -15321,10 +15321,10 @@ node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@^2.6.7:
   dependencies:
     whatwg-url "^5.0.0"
 
-node-forge@^0.10.0, node-forge@^1.2.1:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+node-forge@^0.10.0, node-forge@^1.2.1, node-forge@^1.3.0:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3"
+  integrity sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==
 
 node-gyp-build@^4.2.3:
   version "4.2.3"