From ca5c4b783905b793d2f0a547edf61cfbb09d4cc2 Mon Sep 17 00:00:00 2001
From: Brad Decker <git@braddecker.dev>
Date: Tue, 25 Jan 2022 10:19:58 -0600
Subject: [PATCH] fix node-forge vulnerability (#13389)

---
 package.json | 4 ++--
 yarn.lock    | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package.json b/package.json
index 1ef9f4847..557e22c9a 100644
--- a/package.json
+++ b/package.json
@@ -83,8 +83,8 @@
     "3box/ipfs/ipld-zcash/zcash-bitcore-lib/elliptic": "^6.5.4",
     "3box/ipfs/libp2p-mdns/multicast-dns/dns-packet": "^5.2.2",
     "3box/ipfs/prometheus-gc-stats/gc-stats/node-pre-gyp/tar": "^6.1.2",
-    "3box/**/libp2p-crypto/node-forge": "^0.10.0",
-    "3box/**/libp2p-keychain/node-forge": "^0.10.0",
+    "3box/**/libp2p-crypto/node-forge": "^1.0.0",
+    "3box/**/libp2p-keychain/node-forge": "^1.0.0",
     "analytics-node/axios": "^0.21.2",
     "ganache-core/lodash": "^4.17.21",
     "netmask": "^2.0.1",
diff --git a/yarn.lock b/yarn.lock
index 4e83fa530..f63d72387 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -20219,10 +20219,10 @@ node-fetch@~1.7.1:
     encoding "^0.1.11"
     is-stream "^1.0.1"
 
-node-forge@^0.10.0, node-forge@^0.7.1, node-forge@^0.7.5, node-forge@~0.7.6:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+node-forge@^0.7.1, node-forge@^0.7.5, node-forge@^1.0.0, node-forge@~0.7.6:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.2.1.tgz#82794919071ef2eb5c509293325cec8afd0fd53c"
+  integrity sha512-Fcvtbb+zBcZXbTTVwqGA5W+MKBj56UjVRevvchv5XrcyXbmNdesfZL37nlcWOfpgHhgmxApw3tQbTr4CqNmX4w==
 
 node-gyp-build@^4.2.0, node-gyp-build@^4.2.2, node-gyp-build@^4.2.3, node-gyp-build@^4.3.0:
   version "4.3.0"