security: update 'decompress' dependency

The following commit updates the `decompress` dependency to benefit from the security vulnerability fix. The `yarn.lock` was updated to resolve the security advisory. Signed-off-by: vince-fugnitto <vincent.fugnitto@ericsson.com>
eclipse-theia · Aug 3, 2020 · 14b43fe · 14b43fe
1 parent fedb5f3
commit 14b43fe
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/packages/plugin-ext/package.json b/packages/plugin-ext/package.json
@@ -27,7 +27,7 @@
     "@types/mime": "^2.0.1",
     "@types/serve-static": "^1.13.3",
     "connect": "^3.7.0",
-    "decompress": "4.2.0",
+    "decompress": "^4.2.0",
     "escape-html": "^1.0.3",
     "filenamify": "^4.1.0",
     "jsonc-parser": "^2.0.2",

diff --git a/yarn.lock b/yarn.lock
@@ -4846,10 +4846,10 @@ decompress-unzip@^4.0.1:
     pify "^2.3.0"
     yauzl "^2.4.2"
 
-decompress@4.2.0:
-  version "4.2.0"
-  resolved "https://registry.yarnpkg.com/decompress/-/decompress-4.2.0.tgz#7aedd85427e5a92dacfe55674a7c505e96d01f9d"
-  integrity sha1-eu3YVCflqS2s/lVnSnxQXpbQH50=
+decompress@^4.2.0:
+  version "4.2.1"
+  resolved "https://registry.yarnpkg.com/decompress/-/decompress-4.2.1.tgz#007f55cc6a62c055afa37c07eb6a4ee1b773f118"
+  integrity sha512-e48kc2IjU+2Zw8cTb6VZcJQ3lgVbS4uuB1TfCHbiZIP/haNXm+SVyhu+87jts5/3ROpd82GSVCoNs/z8l4ZOaQ==
   dependencies:
     decompress-tar "^4.0.0"
     decompress-tarbz2 "^4.0.0"