lazymention icon indicating copy to clipboard operation
lazymention copied to clipboard

Published 20 hours ago verified publisher icon strugee

[Snyk] Security upgrade yargs from 10.1.2 to 13.1.0

Open snyk-bot opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Issue Breaking Change Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 Yes Proof of Concept
Commit messages
Package name: yargs The new version differs by 84 commits.
  • 706fc7a chore(release): 13.1.0
  • 95700d6 test: add tests for alias behavior, based on conversations today (#1291)
  • f45a817 chore: slight refactor of approach being used, add support for per-command
  • 5be206a feat: add applyBeforeValidation, for applying sync middleware before validation
  • cc8af76 chore(release): 13.0.0
  • e9dc3aa feat: options/positionals with leading '+' and '0' no longer parse as numbers (#1286)
  • ef16792 chore: drop Node 6 from testing matrix (#1287)
  • f25de4f chore: update dependencies (#1284)
  • 6916ce9 feat: adds config option for sorting command output (#1256)
  • 7b200d2 chore: increase test timeout for windows
  • 64af518 fix: middleware added multiple times due to reference bug (#1282)
  • 61f1b25 doc: update docs to reflect new parserConfiguration method (#1280)
  • 3c6869a feat: Add `.parserConfiguration()` method, deprecating package.json config (#1262)
  • da75ea2 fix: better bash path completion (#1272)
  • e0c62c8 doc: edit help example to align with actual output (#1271)
  • bc0ee40 chore: address @aorinevo's code review so that we can land
  • f3a4e4f feat: support promises in middleware
  • 64a0d7e docs: Testing command modules (#1267)
  • 0510fe6 fix(validation): Use the error as a message when none exists otherwise (#1268)
  • 27bf739 fix(deps): Update os-locale to avoid security vulnerability (#1270)
  • 54e165d docs(advanced): document non-singleton use, .exit() and parsed (#1251)
  • 8789bf4 chore(release): 12.0.5
  • dc8d63f chore: explicit update to yargs-parser
  • eacc035 fix: allows camel-case, variadic arguments, and strict mode to be combined (#1247)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Mar 17 '20 01:03 snyk-bot