globstar icon indicating copy to clipboard operation
globstar copied to clipboard

Published 20 hours ago verified publisher icon schnittstabil

[Snyk] Security upgrade yargs from 3.32.0 to 16.0.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3		 Prototype Pollution
SNYK-JS-Y18N-1021887		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yargs The new version differs by 250 commits.
  • 1ffb927 chore: v16.0.0 release
  • 5e5e5d0 chore: release 16.0.0 (#1698)
  • b215fba feat: adds strictOptions() (#1738)
  • c7debe8 feat(helpers): rebase, Parser, applyExtends now blessed helpers (#1733)
  • c71783a feat: i18n for ESM and Deno (#1735)
  • d360577 build: use release-please action (#1736)
  • 4151fee feat: tweaks to API surface based on user feedback (#1726)
  • 60234a4 deps(typescript): upgrade to [email protected] (#1728)
  • bad6f76 docs: use URL to images, for benefit of Deno (#1727)
  • b1f647b chore: add back yargs logo
  • ac6d5d1 feat: adds support for ESM and Deno (#1708)
  • 0f81024 fix(yargs): add missing command(module) signature (#1707)
  • a552990 feat(usage)!: single char aliases first in help (#1574)
  • f5997e8 refactor(ts): move to TypeScript release of yargs-parser (#1696)
  • c06f886 refactor(ts)!: ship yargs.d.ts (#1671)
  • 56a589f chore(deps): update dependency @types/mocha to v8 (#1689)
  • df283d3 chore(deps): update dependency mocha to v8 (#1674)
  • 863937f feat!: drop support for EOL Node 8 (#1686)
  • 028b50d chore: release 15.4.0 (#1635)
  • 225ab82 feat: support array of examples (#1682)
  • e68334b refactor(ts): move and tsify most of root yargs.js to lib/yargs (#1670)
  • cb7fbb8 chore: remove old entries from `files` field in `package.json (#1677)
  • 34949f8 Revert "chore(deps): update dependency eslint to v7 (#1656)" (#1673)
  • 18c2efd docs(api): clarify process.argv handling and the order of API methods (#1644)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Nov 18 '20 01:11 snyk-bot