distributed-jwt-cracker icon indicating copy to clipboard operation
distributed-jwt-cracker copied to clipboard

Published 20 hours ago verified publisher icon lmammino

[Snyk] Security upgrade yargs from 5.0.0 to 7.0.0

Open lmammino opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yargs The new version differs by 98 commits.
  • bc56468 docs: a couple small twaks to the CHANGELOG
  • 57dc7b5 chore(release): 7.0.0
  • f3f074b fix: positional arguments of sub-commands threw strict() exception (#805)
  • a607061 fix: console.warn() rather than throwing errors when api signatures are incorrect (#804)
  • d78a0f5 feat: introduces support for default commands, using the '*' identifier (#785)
  • 8a992f5 fix: errors were not bubbling appropriately from sub-commands to top-level (#802)
  • 07e39b7 fix: running parse() multiple times on the same yargs instance caused exception if help() enabled (#790)
  • 48575cd fix: context variables are now recognized in strict() mode (#796)
  • 49a93fc fix: use path.resolve() to support node 0.10 (#797)
  • 3280dd0 feat: allow provided config object to extend other configs (#779)
  • e0fbbe5 fix: pull in yargs-parser with modified env precedence (#787)
  • 0997288 fix: context should override parsed argv (#786)
  • a8528e6 fix: address positional argument strict() bug introduced in #766 (#784)
  • 23ccbb1 docs: remove demand examples (#772)
  • 22ed9bb feat: function argument validation (#773)
  • ab1fa4b feat: rethink how options are inherited by commands (#766)
  • 8308efa feat: introduce custom yargs error object (#765)
  • 6ab6a95 feat: add traditional Chinese translation (#780)
  • bd1472b feat: add conflicts and implies shorthands. (#753)
  • 7931652 feat: if only one column is provided for examples, allow it to take up the entire line (#749)
  • 2e5ce0f fix: address min/max validation message regression (#750)
  • 8de8272 chore: explicitly upgrade yargs-parser
  • e5613f0 chore(release): 6.6.0
  • 19a897b refactor: use process.stdout.columns instead of window-size (#737)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

lmammino avatar May 13 '22 01:05 lmammino