node-sass-chokidar Prototype pollution vulnerability in dependency yargs-parser

Prototype pollution vulnerability in dependency yargs-parser

Open AbhaysinghBhosale opened this issue 3 years ago • 1 comments

There is an vulnerability in yargs-parse dependency

Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of node-sass-chokidar [dev]
Path node-sass-chokidar > sass-graph > yargs > yargs-parser
More info https://nodesecurity.io/advisories/1500

May 28 '21 08:05 AbhaysinghBhosale

@michaelwayman any updates on this with dependencies upgrade for yargs-parser, trim-newlines , css-what

Jul 14 '21 06:07 AbhaysinghBhosale

node-sass-chokidar node-sass-chokidar copied to clipboard

Prototype pollution vulnerability in dependency yargs-parser

node-sass-chokidar
node-sass-chokidar copied to clipboard