🔒 Security: Upgrade yargs-parser and yargs to latest stable version
Currently the [email protected] version has not upgraded its yargs-parser and yargs, which is causing a security vulnerability (NO-CVE: Regular Expression Denial Of Service (ReDoS)). Please help upgrade both to the most stable version as of the current date. Thank you. Attached are the vulnerability and the most stable release in the npm package library.
Snyk scan is also flagging Mocha ReDoS as a High Risk Vulnerability: https://security.snyk.io/vuln/SNYK-JS-MOCHA-2863123.
This issue hasn't had any recent activity, and I'm labeling it stale. Remove the label or comment or this issue will be closed in 14 days. Thanks for contributing to Mocha!
See also #4938 and #4809
This issue hasn't had any recent activity, and I'm labeling it stale. Remove the label or comment or this issue will be closed in 14 days. Thanks for contributing to Mocha!
Any news about updating yargs-* to latest stable version?
This issue hasn't had any recent activity, and I'm labeling it stale. Remove the label or comment or this issue will be closed in 14 days. Thanks for contributing to Mocha!
Any news about updating yargs-* to latest stable version?
Marking as accepting PRs. Note that Mocha's current major version supports Node 14, so any version of a new package must also support 14.