minor #159 Preventing malicious version of coa to install in CI (weaverryan)

weaverryan · weaverryan · commit 4f568822a465 · 2021-11-04T10:14:20.000-04:00
This PR was merged into the main branch. Discussion ---------- Preventing malicious version of coa to install in CI | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | Tickets | none | License | MIT See: veged/coa#99 **This is not an end-user security issue**. Simply, we don't want to allow malicious code to be executed inside our own CI system. Commits ------- 390c710 Preventing malicious version of coa to install in CI
diff --git a/src/Turbo/Tests/app/package.json b/src/Turbo/Tests/app/package.json
@@ -9,6 +9,7 @@
         "stimulus": "^2.0.0",
         "webpack-notifier": "^1.6.0"
     },
+    "resolutions": { "coa": "2.0.2" },
     "license": "MIT",
     "private": true,
     "scripts": {
