From 0613e3778f974aeea687d401624f919fe12ec2f6 Mon Sep 17 00:00:00 2001
From: ananzh <ananzh@amazon.com>
Date: Thu, 22 Jun 2023 00:20:44 +0000
Subject: [PATCH] Bump node-forge from 0.10.0 to 1.3.1 to resolve security
 issue

Signed-off-by: ananzh <ananzh@amazon.com>
---
 package.json | 3 +--
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/package.json b/package.json
index 90aeb756232..13b626ea8bc 100644
--- a/package.json
+++ b/package.json
@@ -110,8 +110,8 @@
     "**/merge": "^2.1.1",
     "**/minimatch": "^3.0.5",
     "**/minimist": "^1.2.5",
+    "**/node-forge": "^1.3.0",
     "**/node-jose": "^2.2.0",
-    "**/node-jose/node-forge": "^0.10.0",
     "**/normalize-url": "^4.5.1",
     "**/nth-check": "^2.0.1",
     "**/prismjs": "^1.23.0",
@@ -217,7 +217,6 @@
     "moment-timezone": "^0.5.27",
     "mustache": "^2.3.2",
     "node-fetch": "^2.6.7",
-    "node-forge": "^0.10.0",
     "p-map": "^4.0.0",
     "pegjs": "0.10.0",
     "proxy-from-env": "1.0.0",
diff --git a/yarn.lock b/yarn.lock
index dcabc450cf5..76a1eb98806 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -15321,10 +15321,10 @@ node-fetch@^2.6.0, node-fetch@^2.6.1, node-fetch@^2.6.7:
   dependencies:
     whatwg-url "^5.0.0"
 
-node-forge@^0.10.0, node-forge@^1.2.1:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+node-forge@^0.10.0, node-forge@^1.2.1, node-forge@^1.3.0:
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.3.1.tgz#be8da2af243b2417d5f646a770663a92b7e9ded3"
+  integrity sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==
 
 node-gyp-build@^4.2.3:
   version "4.2.3"