Merge pull request weaveworks#3640 from weaveworks/3637-fix-yaml-vuln…

…erability

Fix the vulnerability in the `yaml` NPM package

package.json

@@ -70,7 +70,7 @@
     "react-toastify": "^7.0.4",
     "sha3": "^2.1.4",
     "styled-components": "^5.3.0",
-    "yaml": "^1.10.2"
+    "yaml": "^2.2.2"
   },
   "jest": {
     "preset": "ts-jest",
@@ -111,5 +111,8 @@
     "react-test-renderer": "^17.0.2",
     "ts-jest": "^27.0.7",
     "typescript": "~4.3.5"
+  },
+  "alias": {
+    "yaml": "yaml/browser/dist/index.js"
   }
 }

website/package.json

@@ -14,11 +14,11 @@
     "write-heading-ids": "docusaurus write-heading-ids"
   },
   "dependencies": {
-    "@docusaurus/core": "^2.3.1",
-    "@docusaurus/plugin-google-analytics": "^2.3.1",
-    "@docusaurus/plugin-google-gtag": "^2.3.1",
-    "@docusaurus/preset-classic": "^2.3.1",
-    "@docusaurus/theme-search-algolia": "^2.3.1",
+    "@docusaurus/core": "^2.4.0",
+    "@docusaurus/plugin-google-analytics": "^2.4.0",
+    "@docusaurus/plugin-google-gtag": "^2.4.0",
+    "@docusaurus/preset-classic": "^2.4.0",
+    "@docusaurus/theme-search-algolia": "^2.4.0",
     "@fortawesome/fontawesome-svg-core": "^6.3.0",
     "@fortawesome/free-regular-svg-icons": "^6.3.0",
     "@fortawesome/free-solid-svg-icons": "^6.3.0",
@@ -30,7 +30,8 @@
     "react-player": "^2.11.0",
     "trim": "^1.0.1",
     "url-loader": "^4.1.1",
-    "webpack": "^5.76.0"
+    "webpack": "^5.76.0",
+    "yaml": "^2.2.2"
   },
   "browserslist": {
     "production": [
@@ -48,6 +49,7 @@
     "yarn-audit-fix": "^9.2.1"
   },
   "resolutions": {
-    "ua-parser-js": "^0.7.33"
+    "ua-parser-js": "^0.7.33",
+    "yaml": "^2.2.2"
   }
 }