Upgrade dependency cpy-cli to latest version to remove vulnerabilities in transitive dependencies, most importantly in trim-newlines,
Results of running yarn audit --groups dependencies --no-lockfile (install dependencies as if your pakage depended on it and all versions resolved to the newest available):
Before upgrading: Severity: 8 Low | 8 Moderate | 7 High
After upgrading: Severity: 10 Low | 6 Moderate | 5 High
I also tried upgrading opn-cli, but that required code changes. I may do it in a separate PR if I find the time.
Warning: cpy-cli>=3 requires node.js 8. This may be a breaking change; I was unfortunately not able to find the currently required version.
Upgrade dependency
cpy-clito latest version to remove vulnerabilities in transitive dependencies, most importantly intrim-newlines,Results of running
yarn audit --groups dependencies --no-lockfile(install dependencies as if your pakage depended on it and all versions resolved to the newest available): Before upgrading:Severity: 8 Low | 8 Moderate | 7 HighAfter upgrading:Severity: 10 Low | 6 Moderate | 5 HighI also tried upgrading opn-cli, but that required code changes. I may do it in a separate PR if I find the time.
Warning:
cpy-cli>=3requires node.js 8. This may be a breaking change; I was unfortunately not able to find the currently required version.