Closed bunnymatic closed 1 year ago
This should address #62.
I think the only thing to point out is the Node.js support difference between optimist 0.6.1 and yargs 15.
Any idea when this will be merged. @Yanchek99 @brianreavis I wonder why it's left open since long days..
Probably never, all Brian's work should be archived as it's unmaintained and has been for a number of years
closing for inactivity
Problem
sifter
depends onoptimist
which depends on an old version ofminimist
which has a security vulnerability (https://snyk.io/vuln/SNYK-JS-MINIMIST-559764).Additionally,
optimist
the package is no longer supported. The author suggests just usingminimist
directly. After some investigation, it looks likeyargs
is basically a drop in replacement foroptimist
.Solution
Replace
optimist
withyargs
. This removes the vulnerabilty and requires almost no code changes.Demo after the move to
yargs