
[Snyk] Security upgrade yargs from 6.6.0 to 10.0.0

Open willshiao opened this issue 1 year ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
  • Severity: medium
  • Priority Score (*): 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3)
  • Issue: Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795
  • Breaking Change: Yes
  • Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yargs
The new version differs by 98 commits.
  • 8515e4f docs: nit in CHANGELOG
  • 4b8cfa9 docs: slight tweaks to CHANGELOG
  • c809cbe chore(release): 10.0.0
  • fc13dcd chore: new translations for command API overhaul (#976)
  • 7269531 feat: .usage() can now be used to configure a default command (#975)
  • 3757194 chore: add id translation to #976 (#986)
  • 47b3078 chore: update Dutch Translation (#981)
  • 20bb99b feat: replace /bin/bash with file basename (#983)
  • 5a9c986 feat(translation): Update pl-PL translations (#985)
  • 02cc11d docs: whoops, forgot to call out a breaking change introduced into parse()
  • 7e58453 fix: the positional argument parse was clobbering global flag arguments (#984)
  • a06b67d chore: update tr.json (#982)
  • b2d11b3 chore: add ja translations (#979)
  • 1598a7f docs: switch to using .positional() in example (#973)
  • 280d0d6 feat: hidden options are now explicitly indicated using "hidden" flag (#962)
  • 8c1d7bf fix: less eager help command execution (#972)
  • db77c53 chore: switch to find-up from read-pkg-up (#970)
  • cb16460 feat: introduce .positional() for configuring positional arguments (#967)
  • 3bb8771 fix: config and normalise can be disabled with false (#952)
  • c649415 chore(release): 9.1.0
  • 7b22203 fix(command): Run default cmd even if the only cmd (#950)
  • 74a38b2 feat: multiple usage calls are now collected, not replaced (#958)
  • d1b23f3 chore(release): 9.0.1
  • ac8088b fix: implications fails only displayed once (#954)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
  • 🧐 View latest project report
  • 🛠 Adjust project settings
  • 📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:
  • 🦉 Regular Expression Denial of Service (ReDoS)

willshiao, Jun 20 '23 18:06