add dev-dependency: improved-yarn-audit

"improved-yarn-audit" (license: MIT), complements plain "yarn audit", making audits easier to integrate in CI pipelines. The output is short and to-the-point, making it useful immediately. Simple usage examples: $> yarn run improved-yarn-audit $> yarn run improved-yarn-audit --ignore-dev-deps Here's the currint output for the Theia repo (with this PR in): $> yarn run improved-yarn-audit Improved Yarn Audit - v3.0.0 Minimum severity level to report: low Running yarn audit... Found 2 vulnerabilities Vulnerability Found: Severity: MODERATE Modules: jsdom URL: GHSA-f4c9-cqv8-9v98 Vulnerability Found: Severity: HIGH Modules: lerna>nx>axios URL: GHSA-cph5-m8f7-6c5x Signed-off-by: Marc Dumais <marc.dumais@ericsson.com>
eclipse-theia · Oct 11, 2022 · 1966102 · 1966102
1 parent 062ae18
commit 1966102
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "glob": "^7.1.7",
     "if-env": "^1.0.4",
     "ignore-styles": "^5.0.1",
+    "improved-yarn-audit": "^3.0.0",
     "jsdom": "^11.5.1",
     "lerna": "^5.5.4",
     "node-gyp": "^9.0.0",

diff --git a/yarn.lock b/yarn.lock
@@ -6879,6 +6879,11 @@ import-local@^3.0.2:
     pkg-dir "^4.2.0"
     resolve-cwd "^3.0.0"
 
+improved-yarn-audit@^3.0.0:
+  version "3.0.0"
+  resolved "https://registry.yarnpkg.com/improved-yarn-audit/-/improved-yarn-audit-3.0.0.tgz#dfb09cea1a3a92c790ea2b4056431f6fb1b99bfa"
+  integrity sha512-b7CrBYYwMidtPciCBkW62C7vqGjAV10bxcAWHeJvGrltrcMSEnG5I9CQgi14nmAlUKUQiSvpz47Lo3d7Z3Vjcg==
+
 imurmurhash@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/imurmurhash/-/imurmurhash-0.1.4.tgz#9218b9b2b928a238b13dc4fb6b6d576f231453ea"