Specify async resolution (#840)

This papers over the following vulnerability: https://app.snyk.io/vuln/SNYK-JS-ASYNC-2441827 We shouldn't be impacted given we don't use the ejs CLI. mde/ejs#645
seek-oss · Apr 14, 2022 · 7653184 · 7653184
1 parent ae70fd4
commit 7653184
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/package.json b/package.json
@@ -100,6 +100,7 @@
   },
   "resolutions": {
     "**/@types/node": ">=14.18",
+    "ejs/jake/async": "3.2.3",
     "semantic-release/@semantic-release/npm/npm/**/ansi-regex": "5.0.1"
   },
   "scripts": {

diff --git a/yarn.lock b/yarn.lock
@@ -1963,10 +1963,10 @@ async-lock@^1.1.0:
   resolved "https://registry.yarnpkg.com/async-lock/-/async-lock-1.3.1.tgz#f2301c200600cde97acc386453b7126fa8aced3c"
   integrity sha512-zK7xap9UnttfbE23JmcrNIyueAn6jWshihJqA33U/hEnKprF/lVGBDsBv/bqLm2YMMl1DnpHhUY044eA0t1TUw==
 
-async@0.9.x:
-  version "0.9.2"
-  resolved "https://registry.yarnpkg.com/async/-/async-0.9.2.tgz#aea74d5e61c1f899613bf64bda66d4c78f2fd17d"
-  integrity sha1-rqdNXmHB+JlhO/ZL2mbUx48v0X0=
+async@0.9.x, async@3.2.3:
+  version "3.2.3"
+  resolved "https://registry.yarnpkg.com/async/-/async-3.2.3.tgz#ac53dafd3f4720ee9e8a160628f18ea91df196c9"
+  integrity sha512-spZRyzKL5l5BZQrr/6m/SqFdBN0q3OCI0f9rjfBzCMBIP4p75P620rR3gTmaksNOhmzgdxcaxdNfMy6anrbM0g==
 
 asynckit@^0.4.0:
   version "0.4.0"