diff options
| -rw-r--r-- | changelogs/unreleased/fix-npm-security-updates.yml | 5 | ||||
| -rw-r--r-- | package.json | 1 | ||||
| -rw-r--r-- | yarn.lock | 2 |
3 files changed, 7 insertions, 1 deletions
diff --git a/changelogs/unreleased/fix-npm-security-updates.yml b/changelogs/unreleased/fix-npm-security-updates.yml new file mode 100644 index 00000000000..faa0c3149b8 --- /dev/null +++ b/changelogs/unreleased/fix-npm-security-updates.yml @@ -0,0 +1,5 @@ +--- +title: Upgrade brace-expansion NPM package due to security issue +merge_request: 13665 +author: Markus Koller +type: security diff --git a/package.json b/package.json index 1725658729a..99704c07849 100644 --- a/package.json +++ b/package.json @@ -20,6 +20,7 @@ "babel-preset-latest": "^6.24.0", "babel-preset-stage-2": "^6.22.0", "bootstrap-sass": "^3.3.6", + "brace-expansion": "^1.1.8", "compression-webpack-plugin": "^1.0.0", "copy-webpack-plugin": "^4.0.1", "core-js": "^2.4.1", diff --git a/yarn.lock b/yarn.lock index 396737a64a7..5245666fa43 100644 --- a/yarn.lock +++ b/yarn.lock @@ -990,7 +990,7 @@ brace-expansion@^1.0.0: balanced-match "^0.4.1" concat-map "0.0.1" -brace-expansion@^1.1.7: +brace-expansion@^1.1.8: version "1.1.8" resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.8.tgz#c07b211c7c952ec1f8efd51a77ef0d1d3990a292" dependencies: |