MT#64368 Fix vuln deps with yarn resolutions

- force @isaacs/brace-expansion 5.0.1 (patches minimatch/glob issue) - force qs 6.14.1 (patches express/body-parser issue from quasar tooling) - force tar 7.5.7 (patches node-gyp/tar issue pulled via npm) - note: npm itself has no patch plus the dep was not used so we removed it. Change-Id: Ic145cbc509d80cf9d96b9a053de1ce0a7d8dc5a8 (cherry picked from commit cecc11ab30)
4 months ago · 60ab5cd2a1
parent d8b929e26b
commit 60ab5cd2a1
2 changed files with 54 additions and 1094 deletions
--- a/package.json
+++ b/package.json
@ -43,9 +43,8 @@
    "jssip": "3.10.1",
    "load-script": "^2.0.0",
    "loader-utils": "^3.2.1",
-    "lodash": "4.17.21",
+    "lodash": "4.17.23",
    "moment": "^2.29.4",
-    "npm": "^11.6.4",
    "path": "0.12.7",
    "qrcode": "1.5.4",
    "quasar": "2.18.6",
@ -84,7 +83,7 @@
    "eslint-plugin-quasar": "1.1.0",
    "eslint-plugin-vue": "10.6.2",
    "eslint-webpack-plugin": "4.2.0",
-    "glob": "13.0.0",
+    "glob": "13.0.1",
    "globals": "16.5.0",
    "is-valid-glob": "1.0.0",
    "jest": "30.2.0",
@ -94,6 +93,13 @@
    "vue-wait": "^1.5.3",
    "vuelidate": "^0.7.7"
  },
+  "resolutions": {
+    "@isaacs/brace-expansion": "5.0.1",
+    "qs": "6.14.1",
+    "tar": "7.5.7",
+    "lodash": "4.17.23",
+    "lodash-es": "4.17.23"
+  },
  "browserslist": [
    "last 10 Chrome versions",
    "last 10 Firefox versions",
--- a/yarn.lock
+++ b/yarn.lock