Fix an example transitive vulnerability for Yarn 1.0 or later
Because Yarn allows multiple versions of the same library to coexist in one project, adding the fixed version of a vulnerable library directly to package.json does not remove the vulnerable copy: the transitive dependency that requested the old version keeps it. Yarn's resolutions field forces every dependent onto the chosen version instead.
These steps fix a Timing Attack Via Signature Validation vulnerability in cookie-signature version 1.0.3, a transitive dependency in the example-javascript-yarn repository.
To complete this task:
- Add this resolutions section to your package.json file:

    "resolutions": {
      "cookie-signature": "1.0.4"
    }

  If a resolutions section already exists, add "cookie-signature": "1.0.4" to it.
- Run the yarn install command.
Next steps:
After completing these steps, confirm that yarn.lock now resolves every cookie-signature entry to 1.0.4 (for example with yarn why cookie-signature), then build, test, and rescan your project to ensure the fix succeeded.