Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--changelogs/unreleased/fix-npm-security-updates.yml5
-rw-r--r--package.json1
-rw-r--r--yarn.lock2
3 files changed, 7 insertions, 1 deletions
diff --git a/changelogs/unreleased/fix-npm-security-updates.yml b/changelogs/unreleased/fix-npm-security-updates.yml
new file mode 100644
index 00000000000..faa0c3149b8
--- /dev/null
+++ b/changelogs/unreleased/fix-npm-security-updates.yml
@@ -0,0 +1,5 @@
+---
+title: Upgrade brace-expansion NPM package due to security issue
+merge_request: 13665
+author: Markus Koller
+type: security
diff --git a/package.json b/package.json
index 1725658729a..99704c07849 100644
--- a/package.json
+++ b/package.json
@@ -20,6 +20,7 @@
"babel-preset-latest": "^6.24.0",
"babel-preset-stage-2": "^6.22.0",
"bootstrap-sass": "^3.3.6",
+ "brace-expansion": "^1.1.8",
"compression-webpack-plugin": "^1.0.0",
"copy-webpack-plugin": "^4.0.1",
"core-js": "^2.4.1",
diff --git a/yarn.lock b/yarn.lock
index 396737a64a7..5245666fa43 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -990,7 +990,7 @@ brace-expansion@^1.0.0:
balanced-match "^0.4.1"
concat-map "0.0.1"
-brace-expansion@^1.1.7:
+brace-expansion@^1.1.8:
version "1.1.8"
resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-1.1.8.tgz#c07b211c7c952ec1f8efd51a77ef0d1d3990a292"
dependencies:
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 09:43:50 +0300