From 2fdee4fc4326bfb4821ba9c6ad750fa8ae6af3e6 Mon Sep 17 00:00:00 2001 From: Peter Somogyvari Date: Sun, 13 Mar 2022 22:52:18 -0700 Subject: [PATCH] fix(security): address CVE-2021-23358 - TEMPORARY fix This is just a temporary fix for the short term where we simply force all underscore versions to be the latest availabe at the time of this writing. This is necessary because the vulnerabilities would be much more complicated to be fixed on the top level where we have to execute a costly migration from web3-eea to web3js-quorum. Temporarily addresses #1775 TODO: We still need to fix this in the correct way on the longer term. Signed-off-by: Peter Somogyvari
---
 package.json | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/package.json b/package.json
index e3536bc141..e2f5e8280d 100644
--- a/package.json
+++ b/package.json
@@ -141,5 +141,8 @@
 "webpack": "5.50.0",
 "webpack-bundle-analyzer": "4.4.2",
 "webpack-cli": "4.7.2"
+ },
+ "resolutions": {
+ "underscore": "1.13.2"
 }
 }
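Review bot: The added `"resolutions": { "underscore": "1.13.2" }` block is honoured only by Yarn when installing from this root manifest, so it covers this repository's own installs and builds but not what downstream consumers of the published packages resolve. npm ignores the field; if any install path uses npm, the equivalent would be `"overrides": { "underscore": "1.13.2" }`. The diffstat shows only package.json changing, so if a lockfile is committed it should be regenerated in the same change, otherwise a frozen-lockfile install may not yield the pinned version. Since JSON cannot carry a comment, the reason for the pin and its removal condition (#1775) exist only in the commit message; a CI step that asserts a single resolved underscore version (for example via `yarn why underscore`) would keep the override from being dropped unnoticed before the web3js-quorum migration lands.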