Fix example transitive vulnerability for Yarn earlier than 1.0
Because Yarn projects allow multiple versions of the same library to be installed at once, adding the fixed version directly to package.json does not override a vulnerable transitive dependency: the direct dependency resolves to the fixed version, while the library that pulled in the vulnerable version keeps its own copy. With Yarn earlier than 1.0 the workaround is to flatten the install so that only one version of each package remains. (Yarn 1.0 and later add a resolutions field for pinning a single transitive dependency without flattening everything.)
These steps provide a fix for the Timing Attack Via Signature Validation vulnerability in cookie-signature version 1.0.3 (the signature comparison is not constant-time; version 1.0.4 fixes it) in the example-javascript-yarn repository.
To complete this task:
- Run this command to add the cookie-signature library at version 1.0.4 as a direct dependency:
  yarn add cookie-signature@1.0.4
- Run this command and, when prompted for cookie-signature, choose the latest version (1.0.4):
  yarn install --flat
  Yarn prompts for every package that is required at more than one version, not only cookie-signature, and records the choices under a resolutions field in package.json.
Next steps:
After completing these steps, build, test, and rescan your project to confirm that yarn.lock no longer resolves cookie-signature 1.0.3 and that the fix succeeded.
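A quick way to confirm the flattening worked before rescanning is to read the resolved versions of the package straight out of yarn.lock. The script below is an added example, not part of the original page or the example-javascript-yarn repository; the two lockfile fragments are constructed to show the state after step 1 alone (both 1.0.3 and 1.0.4 resolved, so the transitive dependency is still vulnerable) and after step 2 (every request for cookie-signature resolved to 1.0.4). The function names are the example's own.

```shell
#!/bin/sh
# Added example: check a Yarn v1 lockfile for leftover vulnerable versions.
# Lockfile fragments below are constructed for illustration, not real output.

# After "yarn add cookie-signature@1.0.4" only: the direct dependency is 1.0.4,
# but express still pulls its own copy of 1.0.3.
LOCK_AFTER_ADD='cookie-signature@1.0.3:
  version "1.0.3"
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.3.tgz"

cookie-signature@1.0.4:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.4.tgz"

express@4.13.4:
  version "4.13.4"
  dependencies:
    cookie-signature "1.0.3"
'

# After "yarn install --flat" with 1.0.4 chosen: both requested ranges map to
# one resolved entry, so only 1.0.4 is installed.
LOCK_AFTER_FLAT='cookie-signature@1.0.3, cookie-signature@1.0.4:
  version "1.0.4"
  resolved "https://registry.yarnpkg.com/cookie-signature/-/cookie-signature-1.0.4.tgz"

express@4.13.4:
  version "4.13.4"
  dependencies:
    cookie-signature "1.0.3"
'

# resolved_versions LOCKFILE_TEXT PKG
# Prints the distinct "version" values of every top-level entry whose key
# starts with PKG@ (a key may list several ranges, e.g. "pkg@1.0.3, pkg@1.0.4:").
# Nested "dependencies:" lines are ignored; they state requests, not what was installed.
resolved_versions() {
  printf '%s\n' "$1" | awk -v pkg="$2" '
    /^[^ ]/ { in_pkg = (index($0, pkg "@") == 1) }   # top-level entry key line
    in_pkg && $1 == "version" { gsub(/"/, "", $2); print $2 }
  ' | sort -u
}

# still_vulnerable LOCKFILE_TEXT PKG BADVER -> success if BADVER is still resolved
still_vulnerable() {
  resolved_versions "$1" "$2" | grep -qx "$3"
}

# is_flat LOCKFILE_TEXT PKG -> success if exactly one version of PKG is resolved
is_flat() {
  [ "$(resolved_versions "$1" "$2" | wc -l | tr -d ' ')" -eq 1 ]
}

# Stand-alone run: report both constructed states.
for state in LOCK_AFTER_ADD LOCK_AFTER_FLAT; do
  eval "lock=\$$state"
  printf '%s: resolved cookie-signature versions: %s\n' "$state" \
    "$(resolved_versions "$lock" cookie-signature | tr '\n' ' ')"
  if still_vulnerable "$lock" cookie-signature 1.0.3; then
    echo "  1.0.3 still present: fix not complete"
  else
    echo "  1.0.3 gone"
  fi
done
```

To use this against a real project, replace the constructed text with `$(cat yarn.lock)`; scoped packages have quoted keys (`"@scope/name@^1.0.0":`), so extend the key match with a leading optional quote if you need them.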