garbados / dat-gateway

In-memory Dat to HTTP gateway
https://dat.bovid.space/
61 stars 13 forks source link

[Snyk] Security upgrade yargs from 15.4.1 to 16.0.0 #38

Open snyk-bot opened 4 years ago

snyk-bot commented 4 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3
Prototype Pollution
SNYK-JS-Y18N-1021887
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yargs The new version differs by 18 commits.
  • 1ffb927 chore: v16.0.0 release
  • 5e5e5d0 chore: release 16.0.0 (#1698)
  • b215fba feat: adds strictOptions() (#1738)
  • c7debe8 feat(helpers): rebase, Parser, applyExtends now blessed helpers (#1733)
  • c71783a feat: i18n for ESM and Deno (#1735)
  • d360577 build: use release-please action (#1736)
  • 4151fee feat: tweaks to API surface based on user feedback (#1726)
  • 60234a4 deps(typescript): upgrade to typescript@4.x (#1728)
  • bad6f76 docs: use URL to images, for benefit of Deno (#1727)
  • b1f647b chore: add back yargs logo
  • ac6d5d1 feat: adds support for ESM and Deno (#1708)
  • 0f81024 fix(yargs): add missing command(module) signature (#1707)
  • a552990 feat(usage)!: single char aliases first in help (#1574)
  • f5997e8 refactor(ts): move to TypeScript release of yargs-parser (#1696)
  • c06f886 refactor(ts)!: ship yargs.d.ts (#1671)
  • 56a589f chore(deps): update dependency @types/mocha to v8 (#1689)
  • df283d3 chore(deps): update dependency mocha to v8 (#1674)
  • 863937f feat!: drop support for EOL Node 8 (#1686)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic