From 6893c4c0304d762e2b6383e4906c206fcd2f6d57 Mon Sep 17 00:00:00 2001
From: Louis Chan <louischan@oursky.com>
Date: Thu, 12 Dec 2024 14:44:08 +0800
Subject: [PATCH 1/5] Run `npm audit fix` at /

---
 package-lock.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 39ea6987..c17d5557 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -6880,9 +6880,9 @@
       }
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dependencies": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",

From e78f933896823a91314d53993448a91f728aefc8 Mon Sep 17 00:00:00 2001
From: Louis Chan <louischan@oursky.com>
Date: Thu, 12 Dec 2024 14:44:38 +0800
Subject: [PATCH 2/5] Run `npm audit fix` at /website

---
 website/package-lock.json | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/website/package-lock.json b/website/package-lock.json
index 027aac21..3616396b 100644
--- a/website/package-lock.json
+++ b/website/package-lock.json
@@ -5109,9 +5109,9 @@
       }
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dependencies": {
         "path-key": "^3.1.0",
         "shebang-command": "^2.0.0",
@@ -6114,9 +6114,9 @@
       }
     },
     "node_modules/express": {
-      "version": "4.21.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz",
-      "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==",
+      "version": "4.21.2",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz",
+      "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==",
       "dependencies": {
         "accepts": "~1.3.8",
         "array-flatten": "1.1.1",
@@ -6137,7 +6137,7 @@
         "methods": "~1.1.2",
         "on-finished": "2.4.1",
         "parseurl": "~1.3.3",
-        "path-to-regexp": "0.1.10",
+        "path-to-regexp": "0.1.12",
         "proxy-addr": "~2.0.7",
         "qs": "6.13.0",
         "range-parser": "~1.2.1",
@@ -6152,6 +6152,10 @@
       },
       "engines": {
         "node": ">= 0.10.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/express/node_modules/content-disposition": {
@@ -6179,9 +6183,9 @@
       "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
     },
     "node_modules/express/node_modules/path-to-regexp": {
-      "version": "0.1.10",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz",
-      "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w=="
+      "version": "0.1.12",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz",
+      "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ=="
     },
     "node_modules/express/node_modules/range-parser": {
       "version": "1.2.1",
@@ -10459,9 +10463,9 @@
       }
     },
     "node_modules/nanoid": {
-      "version": "3.3.7",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
-      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
+      "version": "3.3.8",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
+      "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
       "funding": [
         {
           "type": "github",

From 2a7300ed12f4cab8c8f703b3ce9b334e9c5532e1 Mon Sep 17 00:00:00 2001
From: Louis Chan <louischan@oursky.com>
Date: Thu, 12 Dec 2024 14:45:02 +0800
Subject: [PATCH 3/5] Run `npm audit fix` at /example/capacitor

---
 example/capacitor/package-lock.json | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/example/capacitor/package-lock.json b/example/capacitor/package-lock.json
index 1dfbc861..40518745 100644
--- a/example/capacitor/package-lock.json
+++ b/example/capacitor/package-lock.json
@@ -5174,9 +5174,9 @@
       "dev": true
     },
     "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
       "dev": true,
       "dependencies": {
         "path-key": "^3.1.0",
@@ -8245,9 +8245,9 @@
       "dev": true
     },
     "node_modules/nanoid": {
-      "version": "3.3.7",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
-      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
+      "version": "3.3.8",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
+      "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
       "dev": true,
       "funding": [
         {

From 1a99dfffbcc5be41292202eb957528413de440de Mon Sep 17 00:00:00 2001
From: Louis Chan <louischan@oursky.com>
Date: Thu, 12 Dec 2024 14:48:23 +0800
Subject: [PATCH 4/5] Add `yarnauditfix` to avoid manually typing the commands
 everytime

---
 example/reactnative/README.md    | 6 ++++--
 example/reactnative/package.json | 3 ++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/example/reactnative/README.md b/example/reactnative/README.md
index e40a7148..fc7613a9 100644
--- a/example/reactnative/README.md
+++ b/example/reactnative/README.md
@@ -8,14 +8,16 @@ Yarn Classic is our package manager. It does not support `audit fix`.
 I tried to switch to npm, but then `npm start` will result in error `cannot find package @authgear/react-native`.
 So a React Native project cannot really use npm as package manager.
 
-To automate the fixing of vulnerabilities in packages. We can use the following workaround
+To automate the fixing of vulnerabilities in packages. We can use the following workaround:
+
+> You can just `npm run yarnauditfix`. It does the following for you.
 
 - `rm yarn.lock`
 - `npm i` to generate `package-lock.json`.
 - `npm audit fix` to fix vulnerabilities.
 - `git checkout -- yarn.lock` to bring back `yarn.lock`.
 - `npm i` to ask npm to update `yarn.lock` based on `package-lock.json`.
-- `yarn i` to ask Yarn to update `yarn.lock` according to its own flavor.
+- `yarn install` to ask Yarn to update `yarn.lock` according to its own flavor.
 - `rm package-lock.json` to remove residue.
 
 # Initial setup
diff --git a/example/reactnative/package.json b/example/reactnative/package.json
index 299177cd..320b7f19 100644
--- a/example/reactnative/package.json
+++ b/example/reactnative/package.json
@@ -8,7 +8,8 @@
     "start": "react-native start",
     "test": "jest",
     "lint": "eslint . --ext .js,.jsx,.ts,.tsx",
-    "typecheck": "tsc --noEmit"
+    "typecheck": "tsc --noEmit",
+    "yarnauditfix": "rm yarn.lock && npm install && npm audit fix && git checkout -- yarn.lock && npm install && yarn install && rm package-lock.json"
   },
   "dependencies": {
     "@authgear/react-native": "../../packages/authgear-react-native",

From 0da9170c07db00b1ab2d9add5ea828b953dcaec0 Mon Sep 17 00:00:00 2001
From: Louis Chan <louischan@oursky.com>
Date: Thu, 12 Dec 2024 14:49:15 +0800
Subject: [PATCH 5/5] Run `npm run yarnauditfix` at /example/reactnative

---
 example/reactnative/yarn.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/example/reactnative/yarn.lock b/example/reactnative/yarn.lock
index 2d57f693..8fd38fcb 100644
--- a/example/reactnative/yarn.lock
+++ b/example/reactnative/yarn.lock
@@ -2735,9 +2735,9 @@ create-jest@^29.7.0:
     prompts "^2.0.1"
 
 cross-spawn@^7.0.2, cross-spawn@^7.0.3:
-  version "7.0.3"
-  resolved "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz"
-  integrity sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==
+  version "7.0.6"
+  resolved "https://registry.yarnpkg.com/cross-spawn/-/cross-spawn-7.0.6.tgz#8a58fe78f00dcd70c370451759dfbfaf03e8ee9f"
+  integrity sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==
   dependencies:
     path-key "^3.1.0"
     shebang-command "^2.0.0"