From aa01e88463253673428c951d47dee6b735200804 Mon Sep 17 00:00:00 2001
From: sumukhswamy <sumukhhs@amazon.com>
Date: Wed, 29 Jan 2025 16:51:32 -0800
Subject: [PATCH 1/2] [CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to
 7.0.5

Signed-off-by: sumukhswamy <sumukhhs@amazon.com>
---
 package.json | 3 ++-
 yarn.lock    | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 6eb5e14f..3a8781d8 100644
--- a/package.json
+++ b/package.json
@@ -90,6 +90,7 @@
     "debug": "^4.3.4",
     "browserify-sign": "^4.2.2",
     "braces": "^3.0.3",
-    "micromatch": "^4.0.8"
+    "micromatch": "^4.0.8",
+    "**/eslint/cross-spawn": "^7.0.5"
   }
 }
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index 3d3fe727..b46efe42 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2238,6 +2238,15 @@ cross-spawn@^7.0.0:
     shebang-command "^2.0.0"
     which "^2.0.1"
 
+cross-spawn@^7.0.5:
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
+  dependencies:
+    path-key "^3.1.0"
+    shebang-command "^2.0.0"
+    which "^2.0.1"
+
 crypto-browserify@^3.11.0:
   version "3.12.0"
   resolved "https://registry.yarnpkg.com/crypto-browserify/-/crypto-browserify-3.12.0.tgz#396cf9f3137f03e4b8e532c58f698254e00f80ec"

From f6d48be3ca961148a0a58dfe6b42edfa5cd72bcc Mon Sep 17 00:00:00 2001
From: sumukhswamy <sumukhhs@amazon.com>
Date: Thu, 30 Jan 2025 11:41:52 -0800
Subject: [PATCH 2/2] update yarn.lock

Signed-off-by: sumukhswamy <sumukhhs@amazon.com>
---
 yarn.lock | 11 +----------
 1 file changed, 1 insertion(+), 10 deletions(-)

diff --git a/yarn.lock b/yarn.lock
index b46efe42..aeeaaa98 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2229,16 +2229,7 @@ cross-fetch@^3.0.4:
   dependencies:
     node-fetch "^2.6.12"
 
-cross-spawn@^7.0.0:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
-  dependencies:
-    path-key "^3.1.0"
-    shebang-command "^2.0.0"
-    which "^2.0.1"
-
-cross-spawn@^7.0.5:
+cross-spawn@^7.0.0, cross-spawn@^7.0.5:
   version "7.0.6"
   resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
   integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==