search

18F / ghad

GitHub administration command line tool
Other
21 stars 9 forks source link

[Snyk] Upgrade yargs from 14.0.0 to 14.2.3 #32

Closed snyk-bot closed 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to upgrade yargs from 14.0.0 to 14.2.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version fixes:

Severity Issue Exploit Maturity
Prototype Pollution
SNYK-JS-YARGSPARSER-560381		 Proof of Concept
Release notes
Package name: yargs
  • 14.2.3 - 2020-03-13
  • 14.2.2 - 2019-11-19
  • 14.2.1 - 2019-10-30
  • 14.2.0 - 2019-10-07

    chore(release): 14.2.0

  • 14.1.0 - 2019-09-06

    chore(release): 14.1.0

  • 14.0.0 - 2019-07-30

    chore(release): 14.0.0

from yargs GitHub release notes
Commit messages
Package name: yargs
  • 32a460a chore: bump version
  • 37bd507 fix: __proto__ will now be replaced with ___proto___ in parse
  • 9190d03 fix: addresses bug caused by delete being called on frozen object (#1485)
  • 2fe88f5 chore(release): 14.2.1
  • e78e76e fix: stop-parse was not being respected by commands (#1459)
  • bc3c4d1 chore(release): 14.2.0
  • 4d21520 feat(deps): introduce yargs-parser with support for unknown-options-as-args (#1440)
  • 1b47745 docs: update supported locales (#1425)
  • d38650e fix: groups were not being maintained for nested commands (#1430)
  • 9a42b63 fix: async middleware was called twice (#1422)
  • 0be43d2 fix: fix promise check to accept any spec conform object (#1424)
  • afaf6d3 chore: Minor refactor (#1396)
  • 236e24e fix(docs): broken markdown link (#1426)
  • bae66fe fix: support merging deeply nested configuration (#1423)
  • a05a49c chore(release): 14.1.0
  • d388a7c feat(deps): yargs-parser with support for collect-unknown-options (#1421)
  • d217764 fix(docs): formalize existing callback argument to showHelp (#1386)
  • 3388425 docs: nit, let's keep the example simple
  • 5d7ad98 feat: make it possible to merge configurations when extending other config. (#1411)
  • a5d1c75 docs: remove "default: false" on verbose. (#1418)
  • bb0eb52 fix: populate correct value on yargs.parsed and stop warning on access (#1412)
  • b774b5e fix: strict() should not ignore hyphenated arguments (#1414)
  • 434def5 docs(api): add description for coerce behavior for array type argument (#1390)
  • b7ec0df docs: note about parse() callback output parameter contents (#1407)
Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

πŸ›  Adjust upgrade PR settings

πŸ”• Ignore this dependency or unsubscribe from future upgrade PRs

afeld commented 4 years ago

Superseded by https://github.com/18F/ghad/pull/38.