infinitered / gluegun

A delightful toolkit for building TypeScript-powered command-line apps.
MIT License

Vulnerability in yargs-parser #725

Open ZebraFlesh opened 3 years ago

ZebraFlesh commented 3 years ago

yargs-parser 16.1.0 has a prototype pollution vulnerability: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381. This is fixed in 18.1.1 and later.
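
The advisory linked above reports yargs-parser 16.1.0 as vulnerable and 18.1.1 as carrying the fix. Below is an added example, not code from gluegun or from anyone in this thread, of the check a maintainer would run before and after bumping the dependency: walk a package-lock.json (v1 layout) dependency tree and report every installed copy of yargs-parser, nested copies included, that is older than the fixed version. The lockfile contents, the package names `some-cli` and `old-tool`, and the helper names `compareVersions`, `findInstalls` and `auditLockfile` are constructed for this example; the threshold 18.1.1 is the version the issue states as fixed.

```javascript
// Added example (not gluegun code): audit a package-lock.json v1 tree for
// copies of yargs-parser below the version reported as fixed in this issue.
// npm can keep a second, older copy nested under another package, so a top
// level "npm ls" glance is not enough; every copy in the tree is checked.

const VULNERABLE_PACKAGE = "yargs-parser";
// Version the issue reports as fixed (18.1.1). Older release lines may have
// backported fixes; check the advisory and adjust this threshold if needed.
const FIXED_VERSION = "18.1.1";

// Minimal "major.minor.patch" comparison; pre-release tags are ignored.
// Returns -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Recursively collect every installed copy of `name`, recording the
// dependency path so the maintainer knows which parent pinned it.
function findInstalls(deps, name, path = [], out = []) {
  if (!deps) return out;
  for (const [pkg, info] of Object.entries(deps)) {
    const here = [...path, `${pkg}@${info.version}`];
    if (pkg === name) {
      out.push({ path: here.join(" > "), version: info.version });
    }
    findInstalls(info.dependencies, name, here, out);
  }
  return out;
}

// Return only the copies that are still below the fixed version.
function auditLockfile(lock, name = VULNERABLE_PACKAGE, fixed = FIXED_VERSION) {
  return findInstalls(lock.dependencies, name).filter(
    (install) => compareVersions(install.version, fixed) < 0
  );
}

// Constructed lockfile (not a real project): one direct copy at 16.1.0,
// a patched nested copy at 18.1.3, and an old nested copy at 13.1.1.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 1,
  dependencies: {
    "yargs-parser": { version: "16.1.0" },
    "some-cli": {
      version: "1.0.0",
      dependencies: { "yargs-parser": { version: "18.1.3" } },
    },
    "old-tool": {
      version: "0.9.0",
      dependencies: { "yargs-parser": { version: "13.1.1" } },
    },
  },
};

// Stand-alone usage: print the findings for the constructed lockfile.
// To run against a real project, replace SAMPLE_LOCK with
// JSON.parse(require("fs").readFileSync("package-lock.json", "utf8")).
function main() {
  const findings = auditLockfile(SAMPLE_LOCK);
  if (findings.length === 0) {
    console.log(`No ${VULNERABLE_PACKAGE} below ${FIXED_VERSION} found.`);
  }
  for (const f of findings) {
    console.log(`VULNERABLE ${f.version} via ${f.path}`);
  }
  return findings;
}

main();
```

The path in each finding matters more than the count: a direct dependency is fixed by bumping `package.json`, while a nested copy stays until the parent package (here the constructed `old-tool`) releases with a newer range or the copy is deduplicated.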

pzrq commented 3 years ago

Breaking changes don't look that bad, though I guess it can be hard to know for sure: https://github.com/yargs/yargs-parser/blob/main/CHANGELOG.md

fordN commented 2 years ago

It's been a while now. Any word on updating the vulnerable dependency?

jamonholmgren commented 2 years ago

@fordN I haven't been paying close attention to gluegun for time constraint reasons, but now am back at it more regularly. I'll get a build pushed with yargs-parser updated today.