John

CVE-2020-28502: xmlhttprequest-ssl-1.5.5.tgz

3

Vulnerability registered for nested dependency with `xmlhttprequest-ssl-1.5.5`. Upgrade to 1.7.0 should remediate. I can work on the PR, but if someone gets it sooner, great. ## Additional Data Dependency map:...

Fix: Upgrade yargs to ^16.0.0

8

Hi, There is a patch to a high severity vulnerability available for `yargs`. Can you please update to version `^16.0.0` or so? It would resolve CVE-2020-7774. https://snyk.io/test/npm/yargs/15.3.1 Thank you in...