nbarrett
commented
2 years ago - Helps address vulnerability in serenity-js as part of #serenity-js-issue-1062
Closed nbarrett closed 1 year ago
nbarrett
commented
2 years ago 
ljharb
commented
2 years ago Additionally, that CVE is a false positive for yargs because you’d have to be attacking yourself.
ljharb
commented
1 year ago 70da9b7 updated to yargs 15, which hopefully is new enough to contain this fix. We can't update beyond that until we drop node < 12.