Update improved-yarn-audit and ignore 2 advisories (#12765)

`improved-yarn-audit` has been updated so that it supports GitHub advisories. Two new GitHub advisories have been ignored, as they are both moderate RegExp DoS vulnerabilities that don't affect us, and they are embedded deep within our dependency graph and are difficult to update.
2024-11-22 01:47:00 +01:00 · 2021-11-19 11:53:19 -03:30 · 2021-11-19 11:53:19 -03:30 · fb6375472e
commit fb6375472e
parent 1ec2af0337
3 changed files with 9 additions and 9 deletions
--- a/.circleci/scripts/yarn-audit.sh
+++ b/.circleci/scripts/yarn-audit.sh
@ -7,7 +7,7 @@ set -o pipefail

 # use `improved-yarn-audit` since that allows for exclude
 # exclude 1002401 until we remove use of 3Box, 1002581 until we can find a better solution
-yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1002401,1002581
+yarn run improved-yarn-audit --ignore-dev-deps --min-severity moderate --exclude 1002401,1002581,GHSA-93q8-gq69-wqmw,GHSA-257v-vj4p-3w2h
 audit_status="$?"

 # Use a bitmask to ignore INFO and LOW severity audit results
--- a/package.json
+++ b/package.json
@ -294,7 +294,7 @@
    "gulp-watch": "^5.0.1",
    "gulp-zip": "^4.0.0",
    "history": "^5.0.0",
-    "improved-yarn-audit": "^2.3.3",
+    "improved-yarn-audit": "^3.0.0",
    "jest": "^26.6.3",
    "jsdom": "^11.2.0",
    "koa": "^2.7.0",
--- a/yarn.lock
+++ b/yarn.lock
@ -6825,9 +6825,9 @@ ansi-regex@^4.1.0:
  integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg==

 ansi-regex@^5.0.0:
-  version "5.0.0"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.0.tgz#388539f55179bf39339c81af30a654d69f87cb75"
-  integrity sha512-bY6fj56OUQ0hU1KjFNDQuJFezqKdrAyFdIevADiqrWHwSlbmBNMHp5ak2f40Pm8JTFyM2mqxkG6ngkHO11f/lg==
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304"
+  integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==

 ansi-styles@^2.2.1:
  version "2.2.1"
@ -16580,10 +16580,10 @@ import-local@^3.0.2:
    pkg-dir "^4.2.0"
    resolve-cwd "^3.0.0"

-improved-yarn-audit@^2.3.3:
-  version "2.3.3"
-  resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-2.3.3.tgz#da0be78be4b678c73733066c9ccd21e1958fae8c"
-  integrity sha512-chZ7zPKGsA+CZeMExNPf9WZhETJLkC+u8cQlkQC9XyPZqQPctn3FavefTjXBXmX3Azin8WcoAbaok1FvjkLf6A==
+improved-yarn-audit@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-3.0.0.tgz#dfb09cea1a3a92c790ea2b4056431f6fb1b99bfa"
+  integrity sha512-b7CrBYYwMidtPciCBkW62C7vqGjAV10bxcAWHeJvGrltrcMSEnG5I9CQgi14nmAlUKUQiSvpz47Lo3d7Z3Vjcg==

 imurmurhash@^0.1.4:
  version "0.1.4"