From b737c45e0a817df4b64057d8746bc4a674141763 Mon Sep 17 00:00:00 2001
From: Anan Zhuang <ananzh@amazon.com>
Date: Tue, 6 Dec 2022 22:56:54 +0000
Subject: [PATCH] Bumps simple-git from 3.4.0 to 3.15.0

Resolve CVE-2022-25912. The package simple-git before 3.15.
vulnerable to Remote Code Execution (RCE)

Signed-off-by: Anan Zhuang <ananzh@amazon.com>
---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 6e70572f4..8aef6f4fb 100644
--- a/package.json
+++ b/package.json
@@ -80,7 +80,7 @@
     "proxy": "^1.0.2",
     "rimraf": "^3.0.2",
     "semver": "^7.3.5",
-    "simple-git": "^3.5.0",
+    "simple-git": "^3.15.0",
     "simple-statistics": "^7.7.0",
     "split2": "^3.2.2",
     "stoppable": "^1.1.0",
diff --git a/yarn.lock b/yarn.lock
index 6b6032b84..61353c937 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2841,10 +2841,10 @@ signal-exit@^3.0.4, signal-exit@^3.0.6:
   resolved "https://registry.yarnpkg.com/signal-exit/-/signal-exit-3.0.7.tgz#a9a1767f8af84155114eaabd73f99273c8f59ad9"
   integrity sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==
 
-simple-git@^3.5.0:
-  version "3.13.0"
-  resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.13.0.tgz#36589e201c28cecaca6f3a898e7257c6610e8588"
-  integrity sha512-VYrs3joeHvWGcN3K135RpGpPjm4AHYeOrclwew6LlfHgq6ozQYIW2yMnmjf4PCgVOuSYCbXkdUjyiFawuJz8MA==
+simple-git@^3.15.0:
+  version "3.15.1"
+  resolved "https://registry.yarnpkg.com/simple-git/-/simple-git-3.15.1.tgz#57f595682cb0c2475d5056da078a05c8715a25ef"
+  integrity sha512-73MVa5984t/JP4JcQt0oZlKGr42ROYWC3BcUZfuHtT3IHKPspIvL0cZBnvPXF7LL3S/qVeVHVdYYmJ3LOTw4Rg==
   dependencies:
     "@kwsites/file-exists" "^1.1.1"
     "@kwsites/promise-deferred" "^1.1.1"