prettier-tslint icon indicating copy to clipboard operation
prettier-tslint copied to clipboard

Published 20 hours ago verified publisher icon azz

Low security vulnerability from yargs > yargs-parser

Open AndriiZelenskyi opened this issue 4 years ago • 0 comments

I'm using a 0.4.2 version of the prettier-tslint library and have a warning about one of your dependencies. Here is a report from yarn audit command:

┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ prettier-tslint                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ prettier-tslint > yargs > yargs-parser                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘

AndriiZelenskyi avatar May 12 '20 18:05 AndriiZelenskyi