gulpjs / gulp-cli

Command Line Interface for gulp.
MIT License
401 stars 106 forks

Please update yargs so that downstream dependencies can lose security warnings #207

Closed fluffynuts closed 4 years ago

fluffynuts commented 4 years ago

Specifically, this is the only audit failure on one of my repos:

                       === npm audit security report ===

                                 Manual Review
             Some vulnerabilities require your attention to resolve

          Visit https://go.npm.me/audit-guide for additional guidance

  Low             Prototype Pollution

  Package         yargs-parser

  Patched in      >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

  Dependency of   gulp

  Path            gulp > gulp-cli > yargs > yargs-parser

  More info       https://npmjs.com/advisories/1500

This is patched upstream -- should be enough to just bump yargs dep version and re-publish. I can submit a PR, but honestly, it's a 5-minute job which would be over-complicated by submitting a PR. Unless that's the only way it will get done, in which case, please ping me -- I'm happy to put in the 5 minutes 😁
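As an added illustration of the bug class the audit names (this is not code from gulp-cli, yargs or yargs-parser, and it does not reproduce the mechanism of advisory 1500, whose details are not on this page): a toy argv parser that expands dotted keys, the way such a parser can be pushed into writing to `Object.prototype`, the hardened variant that refuses reserved keys, and a one-line check a maintainer can run to confirm nothing is polluted. `setPath`, `parseArgv`, `isPrototypePolluted`, `demonstrate` and the sample argv are all constructed here.

```javascript
// Added illustration (not gulp-cli, yargs or yargs-parser code): a toy argv
// parser that expands dotted keys ("--a.b=c" -> { a: { b: "c" } }), how a
// prototype-pollution bug arises in such a parser, and the hardened form.
const RESERVED = new Set(["__proto__", "constructor", "prototype"]);

// Walk/create nested objects along `path` and assign `value` at the leaf.
function setPath(target, path, value, safe) {
  let node = target;
  path.forEach((key, i) => {
    if (safe && RESERVED.has(key)) throw new Error(`refusing reserved key "${key}"`);
    if (i === path.length - 1) { node[key] = value; return; }
    if (typeof node[key] !== "object" || node[key] === null) node[key] = {};
    node = node[key]; // unsafe: key "__proto__" lands on Object.prototype
  });
}

// Parse "--key=value" / "--key" flags; positionals are ignored for brevity.
function parseArgv(argv, { safe = true } = {}) {
  const out = {};
  for (const arg of argv) {
    if (!arg.startsWith("--")) continue;
    const eq = arg.indexOf("=");
    const key = eq === -1 ? arg.slice(2) : arg.slice(2, eq);
    const value = eq === -1 ? true : arg.slice(eq + 1);
    setPath(out, key.split("."), value, safe);
  }
  return out;
}

// Defender check: a fresh empty object must not inherit `prop` from anywhere.
function isPrototypePolluted(prop) {
  return ({})[prop] !== undefined;
}

// Constructed sample argv (not from the advisory): one normal option and one
// that tries to reach Object.prototype through the dotted-key expansion.
const sampleArgv = ["--tasks.default=build", "--__proto__.polluted=yes"];
// Run both modes and report what happened; Object.prototype is restored so
// the demonstration leaves no trace in the process.
function demonstrate() {
  let hardenedError = null;
  try { parseArgv(sampleArgv); } catch (e) { hardenedError = e.message; }
  parseArgv(sampleArgv, { safe: false });
  const naivePolluted = isPrototypePolluted("polluted");
  delete Object.prototype.polluted;
  return { hardenedError, naivePolluted, cleanAfter: !isPrototypePolluted("polluted") };
}

console.log(demonstrate());
```

The hardened parser fails closed on the reserved key, while the naive one silently gives every object in the process a `polluted` property; the `isPrototypePolluted` check is what you would run before and after parsing untrusted input to notice that.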

yocontra commented 4 years ago

Please see previous responses:

We are updating this in gulp 5 since it is a breaking change on their part - if they had backported their fix to the prior versions that support node 0.10+ you would be able to just run npm upgrade to rectify the warning.

There is 0 security risk to our users, this is not a real vulnerability vector for a local build tool. Do not run commands on your computer that you didn't write yourself.