facebook-atom / jest-electron-runner

custom test runner for Jest that allows tests to be run in Electron environment
MIT License

rpc: Bump yargs to 15.3.1 #58

Closed rajivshah3 closed 4 years ago

rajivshah3 commented 4 years ago

yargs-parser@11.1.1 (from yargs@12.0.5) is vulnerable to prototype pollution. This PR bumps yargs to 15.3.1, which resolves audit pipelines that may be reporting a vulnerability in @jest-runner/rpc. This could be a breaking change since it drops support for Node 6.

rajivshah3 commented 4 years ago

Hi @aaronabramov, would you be able to review this when you get a chance?

aaronabramov commented 4 years ago

hey @rajivshah3 looks good! thank you!