[Vulnerability] MEDIUM (DoS) mem@1.1.0 caused by yargs@10.0.3

npm / npm-merge-driver

git merge driver for resolving conflicts in npm-related files

Other

272 stars 20 forks source link

[Vulnerability] MEDIUM (DoS) mem@1.1.0 caused by yargs@10.0.3 #8

Open VlkaFenryka opened 5 years ago

VlkaFenryka commented 5 years ago

https://app.snyk.io/vuln/npm:mem:20180117 https://github.com/sindresorhus/mem/issues/14

Introduced through: npm-merge-driver@2.3.5 › yargs@10.0.3 › os-locale@2.1.0 › mem@1.1.0 advised action: update yargs to latest version to fix the issue in the dependency tree

andrewplan commented 4 years ago

@zkat @eins78 @VlkaFenryka any chance this will be addressed soon? I'd like to get my team on board with this package but I won't do so until this vulnerability is fixed.

Thanks!