Open sffc opened 1 year ago
There is an npm audit report on this package due to its dependency on a vulnerable version of yargs, which npm audit fix is unable to resolve.
```
# npm audit report

yargs-parser  <=5.0.0
Severity: moderate
yargs-parser Vulnerable to Prototype Pollution - https://github.com/advisories/GHSA-p9pc-299p-vxgp
No fix available
../shared/node_modules/yargs-parser
  yargs  4.0.0-alpha1 - 7.0.0-alpha.3 || 7.1.1
  Depends on vulnerable versions of yargs-parser
  ../shared/node_modules/yargs
    dts-gen  *
    Depends on vulnerable versions of yargs
    ../shared/node_modules/dts-gen

3 moderate severity vulnerabilities
```
Note that yargs is now at version 17, and the vulnerability is only in versions 4 through 7, so I think updating the yargs dependency to a newer version in dts-gen should resolve this.