From 390c7106538354bb6984a5935a3e5ccaf94d1b75 Mon Sep 17 00:00:00 2001
From: Ryan Weaver <ryan@thatsquality.com>
Date: Thu, 4 Nov 2021 10:09:00 -0400
Subject: [PATCH] Preventing malicious version of coa to install in CI

See: https://github.com/veged/coa/issues/99

This is not an end-user security issue. Simply, we don't want to
allow malicious code to be executed inside our own CI system.
---
 src/Turbo/Tests/app/package.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Turbo/Tests/app/package.json b/src/Turbo/Tests/app/package.json
index 01b69c47f03..3f6664d5b65 100644
--- a/src/Turbo/Tests/app/package.json
+++ b/src/Turbo/Tests/app/package.json
@@ -9,6 +9,7 @@
         "stimulus": "^2.0.0",
         "webpack-notifier": "^1.6.0"
     },
+    "resolutions": { "coa": "2.0.2" },
     "license": "MIT",
     "private": true,
     "scripts": {