Merge branch 'fix/npm-security-updates' into 'master'

Upgrade brace-expansion NPM package due to security issue

See merge request !13665

3 files changed, 7 insertions, 1 deletions

diff --git a/changelogs/unreleased/fix-npm-security-updates.yml b/changelogs/unreleased/fix-npm-security-updates.yml
new file mode 100644
index 00000000000..faa0c3149b8
--- /dev/null
+++ b/changelogs/unreleased/fix-npm-security-updates.yml
@@ -0,0 +1,5 @@
+---
+title: Upgrade brace-expansion NPM package due to security issue
+merge_request: 13665
+author: Markus Koller
+type: security
diff --git a/package.json b/package.json
index 1725658729a..99704c07849 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,7 @@
     "babel-preset-latest": "^6.24.0",
     "babel-preset-stage-2": "^6.22.0",
     "bootstrap-sass": "^3.3.6",
+    "brace-expansion": "^1.1.8",
     "compression-webpack-plugin": "^1.0.0",
     "copy-webpack-plugin": "^4.0.1",
     "core-js": "^2.4.1",
diff --git a/yarn.lock b/yarn.lock
index 396737a64a7..5245666fa43 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -990,7 +990,7 @@ brace-expansion@^1.0.0:
     balanced-match "^0.4.1"
     concat-map "0.0.1"
 
-brace-expansion@^1.1.7:
+brace-expansion@^1.1.8:
   version "1.1.8"
   resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.8.tgz#c07b211c7c952ec1f8efd51a77ef0d1d3990a292"
   dependencies: