hypery2k / galenframework-cli

NPM wrapper for galenframework
MIT License
17 stars 7 forks source link

[Snyk] Security upgrade yargs from 3.30.0 to 15.0.1 #522

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: yargs The new version differs by 250 commits.
  • aa09faf chore: release 15.0.1 (#1480)
  • 6a9ebe2 fix(deps): cliui, find-up, and string-width, all drop Node 6 support (#1479)
  • 5cc2b5e chore: release 15.0.0 (#1462)
  • 62a114a force build
  • 1840ba2 feat: expose `Parser` from `require('yargs/yargs')` (#1477)
  • afd5b48 fix(docs): update boolean description and examples in docs (#1474)
  • c10c38c feat(deps)!: yargs-parser now throws on invalid combinations of config (#1470)
  • 0cba424 build: switch to release-please for releases (#1471)
  • 445bc58 chore: update engines to note Node 6 is dropped (#1469)
  • 52d875a test: add additional test for 1459
  • 12c82e6 fix: stop-parse was not being respected by commands (#1459)
  • b4812ac test: add tests for argsert warning to display positional information (#1468)
  • 10f10ee test: cover missing filter arg in obj-filter (#1467)
  • cb0396f build: switch to c8 for coverage (#1464)
  • ebee59d fix!: update to yargs-parser with fix for array default values (#1463)
  • 5120aec test: adds missing array choice regression test (#1447)
  • 2ba8ce0 chore!: drop Node 6 support (#1461)
  • cb64329 build: configure release-please
  • 0d3642b refactor!: remove package.json-based parserConfiguration (#1460)
  • 9adf22e doc(webpack): webpack example (#1436)
  • 7e1c8fc Add missing french translation (#1456)
  • b1b156a fix(docs): TypeScript import to prevent a future major release warning (#1441)
  • bc3c4d1 chore(release): 14.2.0
  • 4d21520 feat(deps): introduce yargs-parser with support for unknown-options-as-args (#1440)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic