[7.5] require yarn 1.21.1 to avoid binary planting vuln (#5289… (#52924)

Spencer · web-flow · commit 0909af825c54 · 2019-12-12T14:23:40.000-07:00
* require yarn 1.21.1 to avoid binary planting vuln (#52899) * force use of yarn 1.21.1
diff --git a/package.json b/package.json
@@ -84,7 +84,8 @@
     "**/graphql-toolkit/lodash": "^4.17.13",
     "**/isomorphic-git/**/base64-js": "^1.2.1",
     "**/babel-plugin-inline-react-svg/svgo/js-yaml": "^3.13.1",
-    "**/serialize-javascript": "^2.1.1"
+    "**/serialize-javascript": "^2.1.1",
+    "**/yarn": "^1.21.1"
   },
   "workspaces": {
     "packages": [
@@ -455,6 +456,6 @@
   },
   "engines": {
     "node": "10.15.2",
-    "yarn": "^1.10.1"
+    "yarn": "^1.21.1"
   }
 }
diff --git a/x-pack/package.json b/x-pack/package.json
@@ -376,7 +376,7 @@
     "xregexp": "4.2.4"
   },
   "engines": {
-    "yarn": "^1.10.1"
+    "yarn": "^1.21.1"
   },
   "workspaces": {
     "nohoist": [
diff --git a/yarn.lock b/yarn.lock
@@ -30411,10 +30411,10 @@ yarn-install@^0.5.1:
     chalk "^1.1.3"
     cross-spawn "^4.0.2"
 
-yarn@^1.12.3:
-  version "1.17.3"
-  resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.17.3.tgz#60e0b77d079eb78e753bb616f7592b51b6a9adce"
-  integrity sha512-CgA8o7nRZaQvmeF/WBx2FC7f9W/0X59T2IaLYqgMo6637wfp5mMEsM3YXoJtKUspnpmDJKl/gGFhnqS+sON7hA==
+yarn@^1.12.3, yarn@^1.21.1:
+  version "1.21.1"
+  resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.21.1.tgz#1d5da01a9a03492dc4a5957befc1fd12da83d89c"
+  integrity sha512-dQgmJv676X/NQczpbiDtc2hsE/pppGDJAzwlRiADMTvFzYbdxPj2WO4PcNyriSt2c4jsCMpt8UFRKHUozt21GQ==
 
 yauzl@2.10.0, yauzl@^2.10.0:
   version "2.10.0"
