From c5428ed6c921f69bdc4596622a8c7ad6276f991a Mon Sep 17 00:00:00 2001
From: Ivan Volzhev
Date: Tue, 29 Jun 2021 15:33:03 +0200
Subject: [PATCH] Fixes #1562: fixes version of trim-newlines

trim-newlines is a transitive dependency which is present in a dependency tree through imagemin-webp and node-sass. Version of trim-newlines which is referenced by those pacakges has a security advisory https://snyk.io/vuln/SNYK-JS-TRIMNEWLINES-1298042 Neither imagemin-webp nor node-sass have version which depend on patched version of trim-newlines. And at least node-sass is not maintained any longer. Under current circumstances the only way to fix this is to force trim-newlines version via "resolutions". As interface of the package is backward compatible and does not break anything I believe it is a right thing to do.
---
 package.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package.json b/package.json
index bfb6e21..53a38af 100644
--- a/package.json
+++ b/package.json
@@ -9742,5 +9742,8 @@
 "webpack": "5.41.1",
 "webpack-bundle-analyzer": "4.4.2",
 "webpack-cli": "4.2.0"
+ },
+ "resolutions": {
+ "trim-newlines": "4.0.2"
 }
 }
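Review bot: The added `"trim-newlines": "4.0.2"` forces a single major version onto every dependant in the tree, and nothing in the patch backs the description's claim that its interface is backward compatible for the ranges imagemin-webp and node-sass actually request. A major jump in a small utility can change the module format or the supported Node range, so check the fixed versions listed in the linked advisory and prefer one on the major line those packages already ask for, if there is one. `resolutions` is read by Yarn; if this project installs with plain npm the block is ignored and the vulnerable copy stays in the tree. The diffstat shows only package.json changed, so the pin does not reach existing installs until the lockfile is regenerated and committed; `yarn why trim-newlines` should then report a single patched version.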