Resolve vulnerability: Uncontrolled Search Path Element in execa

Description:

Attackers could trick execa into executing arbitrary binaries. This behaviour is caused by the setting preferLocal=true which makes execa search for locally installed binaries and executes them. This vulnerability is usually only exploitable when using execa on a client-side LOCAL application.

• Severity: critical
• Confidence: unknown
• Location: storybook/yarn.lock

Solution:

Upgrade to version 2.0.0 or above.

Identifiers:

• Gemnasium-05cfa2e8-2d0c-42c1-8894-638e2f12ff3d

Links:

• https://github.com/sindresorhus/execa/releases/tag/v2.0.0