From de91471cc5327412ee4940f9eb95bfb580ee3794 Mon Sep 17 00:00:00 2001
From: Javier Adriel <reivaj0705@gmail.com>
Date: Mon, 24 Apr 2023 14:55:38 -0600
Subject: [PATCH] Fix yaml vulnerability in UI dependency (#1586)

---
 web-app/package.json | 1 +
 web-app/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/web-app/package.json b/web-app/package.json
index cc4717ceffa..3f33d4fb898 100644
--- a/web-app/package.json
+++ b/web-app/package.json
@@ -79,6 +79,7 @@
   "resolutions": {
     "nth-check": "^2.0.1",
     "postcss": "^8.2.13",
+    "yaml": "^2.2.2",
     "react-scripts/**/node-forge": "^1.3.0",
     "react-scripts/**/async": "^2.6.4",
     "react-scripts/workbox-webpack-plugin/workbox-build/@surma/rollup-plugin-off-main-thread/ejs/jake/async": "^2.6.4",
diff --git a/web-app/yarn.lock b/web-app/yarn.lock
index 6f6cad3d19f..144ebfdd55d 100644
--- a/web-app/yarn.lock
+++ b/web-app/yarn.lock
@@ -11891,10 +11891,10 @@ yallist@^4.0.0:
   resolved "https://registry.yarnpkg.com/yallist/-/yallist-4.0.0.tgz#9bb92790d9c0effec63be73519e11a35019a3a72"
   integrity sha512-3wdGidZyq5PB084XLES5TpOSRA3wjXAlIWMhum2kRcv/41Sn2emQ0dycQW4uZXLejwKvg6EsvbdlVL+FYEct7A==
 
-yaml@^1.10.0, yaml@^1.10.2, yaml@^1.7.2:
-  version "1.10.2"
-  resolved "https://registry.yarnpkg.com/yaml/-/yaml-1.10.2.tgz#2301c5ffbf12b467de8da2333a459e29e7920e4b"
-  integrity sha512-r3vXyErRCYJ7wg28yvBY5VSoAF8ZvlcW9/BwUzEtUsjvX/DKs24dIkuwjtuprwJJHsbyUbLApepYTR1BN4uHrg==
+yaml@^1.10.0, yaml@^1.10.2, yaml@^1.7.2, yaml@^2.2.2:
+  version "2.2.2"
+  resolved "https://registry.yarnpkg.com/yaml/-/yaml-2.2.2.tgz#ec551ef37326e6d42872dad1970300f8eb83a073"
+  integrity sha512-CBKFWExMn46Foo4cldiChEzn7S7SRV+wqiluAb6xmueD/fGyRHIhX8m14vVGgeFWjN540nKCNVj6P21eQjgTuA==
 
 yargs-parser@^20.2.2:
   version "20.2.9"