Fix example direct vulnerability for Yarn
When your configuration file specifically references a library, Veracode SCA refers to the library as a direct dependency.
These example steps fix a Cross-site Scripting (XSS) Using Non-standard Encodings vulnerability in Express version 4.1.1 in the example-javascript-yarn project.
To complete this task:
- Run this command to edit the Yarn file in the root of the project:

    yarn upgrade express@4.5.0
    yarn install --flat
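
A check to run after the upgrade, as an added example that is not part of the Veracode documentation: it reads a Yarn v1 `yarn.lock` and fails if any resolved `express` version is below 4.5.0. The function names and the sample lockfile entries are constructed for illustration.

```shell
# Added example (not Veracode tooling). Assumes the Yarn v1 yarn.lock format.

# resolved_versions LOCKFILE PACKAGE: print each version the lockfile resolves
resolved_versions() {
    awk -v pkg="$2" '
        # Headers start in column 0, e.g.  express@4.5.0, "express@^4.0.0":
        /^[^ #]/ {
            hit = 0; line = $0
            sub(/:$/, "", line)
            n = split(line, specs, /, */)
            for (i = 1; i <= n; i++) {
                s = specs[i]
                gsub(/"/, "", s)
                sub(/@[^@]*$/, "", s)   # drop the range, keep @scope/name
                if (s == pkg) hit = 1
            }
            next
        }
        hit && $1 == "version" { gsub(/"/, "", $2); print $2; hit = 0 }
    ' "$1" | sort -u
}

# version_lt A B: succeed when A < B (numeric major.minor.patch only)
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# check_fixed LOCKFILE PACKAGE MIN: fail if any resolved version is below MIN
check_fixed() {
    rc=0
    for v in $(resolved_versions "$1" "$2"); do
        if version_lt "$v" "$3"; then echo "FAIL: $2 $v is below $3"; rc=1; else echo "ok: $2 $v"; fi
    done
    return $rc
}

# Constructed sample lockfile entries: before and after the upgrade
tmp=$(mktemp -d)
printf '%s\n' '# yarn lockfile v1' '' 'express@4.1.1:' '  version "4.1.1"' > "$tmp/before.lock"
printf '%s\n' '# yarn lockfile v1' '' 'express@4.5.0, "express@^4.0.0":' '  version "4.5.0"' > "$tmp/after.lock"
check_fixed "$tmp/before.lock" express 4.5.0 || echo "fix not applied"
check_fixed "$tmp/after.lock" express 4.5.0 && echo "fix applied"
```

In the project itself, the equivalent call is `check_fixed yarn.lock express 4.5.0`; a package that is absent from the lockfile produces no output and a zero exit status.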