Fix reported vulnerabilities (take two)

stefanobaghino-da · stefanobaghino-da · commit af242020ab41 · 2022-01-17T22:09:31.000+01:00
A couple of fixes on top of #12443: - unpin the node-forge 0.10.0 resolution to remove it from our lockfile - remove the useless scoped resolution for marked For the latter, the transitive dependency breaks between 3.x and 4.x so the problem is not easily solved without `typedoc` maintainers publishing a fixed version. I opened a PR here: TypeStrong/typedoc#1851 changelog_begin changelog_end
diff --git a/language-support/ts/packages/package.json b/language-support/ts/packages/package.json
@@ -29,7 +29,6 @@
   },
   "resolutions": {
     "marked": "^2.0.0",
-    "typedoc/**/marked": "^4.0.10",
     "**/y18n": "^4.0.1",
     "**/@types/react-test-renderer": "^16.9.3 || ^17.0.0",
     "**/hosted-git-info": "^4.0.2",
diff --git a/navigator/frontend/package.json b/navigator/frontend/package.json
@@ -92,7 +92,6 @@
   "resolutions": {
     "**/elliptic": "^6.5.4",
     "**/jpeg-js": "^0.4.1",
-    "**/selfsigned": "^1.10.8",
     "**/ssri": "^8.0.1",
     "**/hosted-git-info": "^4.0.2",
     "**/ws": "^7.4.6",
diff --git a/navigator/frontend/yarn.lock b/navigator/frontend/yarn.lock
@@ -3555,10 +3555,10 @@ no-case@^3.0.4:
     lower-case "^2.0.2"
     tslib "^2.0.3"
 
-node-forge@^0.10.0:
-  version "0.10.0"
-  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-0.10.0.tgz#32dea2afb3e9926f02ee5ce8794902691a676bf3"
-  integrity sha512-PPmu8eEeG9saEUvI97fm4OYxXVB6bFvyNTyiUOBichBpFG8A1Ljw3bY62+5oOjDEMHRnd0Y7HQ+x7uzxOzC6JA==
+node-forge@^1.2.0:
+  version "1.2.1"
+  resolved "https://registry.yarnpkg.com/node-forge/-/node-forge-1.2.1.tgz#82794919071ef2eb5c509293325cec8afd0fd53c"
+  integrity sha512-Fcvtbb+zBcZXbTTVwqGA5W+MKBj56UjVRevvchv5XrcyXbmNdesfZL37nlcWOfpgHhgmxApw3tQbTr4CqNmX4w==
 
 node-releases@^1.1.76:
   version "1.1.76"
@@ -4541,12 +4541,12 @@ select-hose@^2.0.0:
   resolved "https://registry.yarnpkg.com/select-hose/-/select-hose-2.0.0.tgz#625d8658f865af43ec962bfc376a37359a4994ca"
   integrity sha1-Yl2GWPhlr0Psliv8N2o3NZpJlMo=
 
-selfsigned@^1.10.8, selfsigned@^2.0.0:
-  version "1.10.11"
-  resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-1.10.11.tgz#24929cd906fe0f44b6d01fb23999a739537acbe9"
-  integrity sha512-aVmbPOfViZqOZPgRBT0+3u4yZFHpmnIghLMlAcb5/xhp5ZtB/RVnKhz5vl2M32CLXAqR4kha9zfhNg0Lf/sxKA==
+selfsigned@^2.0.0:
+  version "2.0.0"
+  resolved "https://registry.yarnpkg.com/selfsigned/-/selfsigned-2.0.0.tgz#e927cd5377cbb0a1075302cff8df1042cc2bce5b"
+  integrity sha512-cUdFiCbKoa1mZ6osuJs2uDHrs0k0oprsKveFiiaBKCNq3SYyb5gs2HxhQyDNLCmL51ZZThqi4YNDpCK6GOP1iQ==
   dependencies:
-    node-forge "^0.10.0"
+    node-forge "^1.2.0"
 
 "semver@2 || 3 || 4 || 5", semver@^5.5.0:
   version "5.7.1"
