From e3e2d1cf3e5637212f56f278091e6eee77fbc9b2 Mon Sep 17 00:00:00 2001
From: Peter Somogyvari <peter.somogyvari@accenture.com>
Date: Mon, 14 Mar 2022 00:14:36 -0700
Subject: [PATCH] fix(security): ensure ansi-html > 0.0.8 - CVE-2021-23424

Fixes #1920

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
---
 package.json | 1 +
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/package.json b/package.json
index 0d7b387224..2933fe8fa8 100644
--- a/package.json
+++ b/package.json
@@ -143,6 +143,7 @@
     "webpack-cli": "4.7.2"
   },
   "resolutions": {
+    "ansi-html": ">0.0.8",
     "glob-parent": "5.1.2",
     "underscore": "1.13.2"
   }
diff --git a/yarn.lock b/yarn.lock
index a904f6913b..ca44c823db 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5289,10 +5289,10 @@ ansi-html-community@0.0.8:
   resolved "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz#69fbc4d6ccbe383f9736934ae34c3f8290f1bf41"
   integrity sha512-1APHAyr3+PCamwNw3bXCPp4HFLONZt/yIH0sZp0/469KWNTEy+qN5jQ3GVX6DMZ1UXAi34yVwtTeaG/HpBuuzw==
 
-ansi-html@0.0.7:
-  version "0.0.7"
-  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.7.tgz#813584021962a9e9e6fd039f940d12f56ca7859e"
-  integrity sha1-gTWEAhliqenm/QOflA0S9WynhZ4=
+ansi-html@0.0.7, ansi-html@>0.0.8:
+  version "0.0.9"
+  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.9.tgz#6512d02342ae2cc68131952644a129cb734cd3f0"
+  integrity sha512-ozbS3LuenHVxNRh/wdnN16QapUHzauqSomAl1jwwJRRsGwFwtj644lIhxfWu0Fy0acCij2+AEgHvjscq3dlVXg==
 
 ansi-regex@^2.0.0:
   version "2.1.1"