From 91979c17b620f1e2f0ceb9a9b4c8ef730cef04b5 Mon Sep 17 00:00:00 2001
From: Sumukh Swamy <sumukhhs@amazon.com>
Date: Thu, 30 Jan 2025 11:59:49 -0800
Subject: [PATCH] [CVE-2024-21538] Bump cross-spawn from 6.0.5 and 7.0.3 to
 7.0.5 (#508)

Signed-off-by: sumukhswamy <sumukhhs@amazon.com>
---
 package.json | 3 ++-
 yarn.lock    | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index bd1202cc..fe7f97cf 100644
--- a/package.json
+++ b/package.json
@@ -90,6 +90,7 @@
     "debug": "^4.3.4",
     "browserify-sign": "^4.2.2",
     "braces": "^3.0.3",
-    "micromatch": "^4.0.8"
+    "micromatch": "^4.0.8",
+    "**/eslint/cross-spawn": "^7.0.5"
   }
 }
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index b4278845..781274b9 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2218,10 +2218,10 @@ cross-fetch@^3.0.4:
   dependencies:
     node-fetch "^2.6.12"
 
-cross-spawn@^7.0.0:
-  version "7.0.3"
-  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.3.tgz#f73a85b9d5d41d045551c177e2882d4ac85728a6"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+cross-spawn@^7.0.0, cross-spawn@^7.0.5:
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"