Pin sha.js 2.4.12 in resolutions to fix CVE-2025-9288 (#384)

Signed-off-by: David Zane <[email protected]>

Author: dzane17

package.json

@@ -60,7 +60,8 @@
     "@babel/runtime": "^7.26.10",
     "@babel/runtime-corejs3": "^7.22.9",
     "pbkdf2": "3.1.5",
-    "form-data": "4.0.4"
+    "form-data": "4.0.4",
+    "sha.js": "^2.4.12"
   },
   "devDependencies": {
     "@cypress/webpack-preprocessor": "^6.0.1",
@@ -90,4 +91,4 @@
     "node_modules/*",
     "target/*"
   ]
-}
+}

yarn.lock

@@ -5694,15 +5694,7 @@ setimmediate@^1.0.4:
   resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285"
   integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA==
 
-sha.js@^2.4.0, sha.js@^2.4.8:
-  version "2.4.11"
-  resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.11.tgz#37a5cf0b81ecbc6943de109ba2960d1b26584ae7"
-  integrity sha512-QMEp5B7cftE7APOjk5Y6xgrbWu+WkLVQwk8JNjZ8nKRciZaByEW6MubieAiToS7+dwvrjGhH8jRXz3MVd0AYqQ==
-  dependencies:
-    inherits "^2.0.1"
-    safe-buffer "^5.0.1"
-
-sha.js@^2.4.12:
+sha.js@^2.4.0, sha.js@^2.4.12, sha.js@^2.4.8:
   version "2.4.12"
   resolved "https://registry.yarnpkg.com/sha.js/-/sha.js-2.4.12.tgz#eb8b568bf383dfd1867a32c3f2b74eb52bdbf23f"
   integrity sha512-8LzC5+bvI45BjpfXU8V5fdU2mfeKiQe1D1gIMn7XUlF3OTUrpdJpPPH4EMAnF0DsHHdSZqCdSss5qCmJKuiO3w==