From 3b5e33bc4cfa59b2499d4ac5556a92d216634270 Mon Sep 17 00:00:00 2001
From: Alex Donesky
Date: Fri, 8 Oct 2021 12:18:38 -0500
Subject: [PATCH] use improved-yarn-audit and exclude 1002401 and 1002581 (#12310)

* use improved-yarn-audit and exclude 1002401
---
 .circleci/scripts/yarn-audit.sh | 4 +++-
 .depcheckrc.yml | 1 +
 package.json | 1 +
 yarn.lock | 5 +++++
 4 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/.circleci/scripts/yarn-audit.sh b/.circleci/scripts/yarn-audit.sh
index ebe036815..717b5f456 100755
--- a/.circleci/scripts/yarn-audit.sh
+++ b/.circleci/scripts/yarn-audit.sh
@@ -3,7 +3,9 @@
 set -u
 set -o pipefail
 
-yarn audit --level moderate --groups dependencies
+# use `improved-yarn-audit` since that allows for exclude
+# exclude 1002401 until we remove use of 3Box, 1002581 until we can find a better solution
+yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1002401,1002581
 audit_status="$?"
 
 # Use a bitmask to ignore INFO and LOW severity audit results
diff --git a/.depcheckrc.yml b/.depcheckrc.yml
index 70214b911..c99ca2f85 100644
--- a/.depcheckrc.yml
+++ b/.depcheckrc.yml
@@ -29,6 +29,7 @@ ignores:
 - "source-map-explorer"
 # development tool
 - "yarn-deduplicate"
+ - "improved-yarn-audit"
 # storybook
 - "@storybook/core"
 - "@storybook/addon-backgrounds"
diff --git a/package.json b/package.json
index e1577d3cb..0c7609ab6 100644
--- a/package.json
+++ b/package.json
@@ -287,6 +287,7 @@
 "gulp-watch": "^5.0.1",
 "gulp-zip": "^4.0.0",
 "history": "^5.0.0",
+ "improved-yarn-audit": "^2.3.3",
 "jest": "^26.6.3",
 "jsdom": "^11.2.0",
 "koa": "^2.7.0",
diff --git a/yarn.lock b/yarn.lock
index ebf724f2f..e534ce6d7 100644
--- a/yarn.lock
+++ b/yarn.lock
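Review bot: In .circleci/scripts/yarn-audit.sh the `audit_status="$?"` capture and the "Use a bitmask" step after it are left unchanged, but that masking was written for `yarn audit`, whose exit code is a bit field of severities; if `improved-yarn-audit` exits with something else (a plain count of findings seems likely, to be confirmed against its documentation), the mask can clear a failing status and let the job pass while moderate-or-higher advisories are present. Because `--min-severity moderate` already does the filtering, the gate can simply fail on any non-zero status, for example `[ "$audit_status" -eq 0 ] || exit "$audit_status"`. The two excluded advisory IDs are also suppressed without a link, affected package or tracking issue, so the comment could become `# exclude 1002401 (<package>, <tracking issue>) until 3Box is removed`, and adding `--fail-on-missing-exclusions` would flag an exclusion once it is stale. The remainder of the script, including the mask itself, lies outside the hunk.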
@@ -14631,6 +14631,11 @@ import-local@^3.0.2:
 pkg-dir "^4.2.0"
 resolve-cwd "^3.0.0"
 
+improved-yarn-audit@^2.3.3:
+ version "2.3.3"
+ resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-2.3.3.tgz#da0be78be4b678c73733066c9ccd21e1958fae8c"
+ integrity sha512-chZ7zPKGsA+CZeMExNPf9WZhETJLkC+u8cQlkQC9XyPZqQPctn3FavefTjXBXmX3Azin8WcoAbaok1FvjkLf6A==
+
 imurmurhash@^0.1.4:
 version "0.1.4"
 resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"