Bump 'async' from v2.4.2 to v3.2.2 to fix a prototype pollution explo…

…it (#802) Summary: ## Summary The PR is essentially to update [async](https://www.npmjs.com/package/async) to version [3.2.2](https://github.com/caolan/async/blob/master/CHANGELOG.md#v322) to fix t a [prototype pollution exploit](https://security.snyk.io/vuln/SNYK-JS-ASYNC-2441827) found in versions < `3.2.2` . The vulnerability was discovered by [Snyk](https://snyk.io/) has discovered an exploit in and labelled as **High Severity**. Changelog: [Internal] X-link: facebook/metro#802 Reviewed By: GijsWeterings Differential Revision: D35543054 Pulled By: robhogan fbshipit-source-id: b176c584dbcb139115e466a765e3efbe6f1f984d
facebook · Apr 11, 2022 · e147365 · e147365
1 parent 77d2834
commit e147365
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/repo-config/package.json b/repo-config/package.json
@@ -15,7 +15,7 @@
     "@react-native-community/eslint-plugin": "*",
     "@react-native/eslint-plugin-specs": ">0.0.2",
     "@reactions/component": "^2.0.2",
-    "async": "^2.4.0",
+    "async": "^3.2.2",
     "babel-eslint": "^10.1.0",
     "clang-format": "^1.2.4",
     "connect": "^3.6.5",

diff --git a/yarn.lock b/yarn.lock
@@ -1759,6 +1759,11 @@ async@^2.4.0:
   dependencies:
     lodash "^4.17.10"
 
+async@^3.2.2:
+  version "3.2.3"
+  resolved "https://registry.yarnpkg.com/async/-/async-3.2.3.tgz#ac53dafd3f4720ee9e8a160628f18ea91df196c9"
+  integrity sha512-spZRyzKL5l5BZQrr/6m/SqFdBN0q3OCI0f9rjfBzCMBIP4p75P620rR3gTmaksNOhmzgdxcaxdNfMy6anrbM0g==
+
 asynckit@^0.4.0:
   version "0.4.0"
   resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79"