Closed csantos1113 closed 6 months ago
after reading CVE-2021-3807 more carefully I see the current cliui
uses a safe version of strip-ansi
so this PR isn't reaaally needed for my original intention.
BUT, I think this PR is still valid, so its dependencies are aligned, otherwise users of this package are installing two versions of cliui
:
cliui@3.2.0
directlycliui@7.2.0
indirectly (via transient dependencies from yargs
)Sounds good - I’ll merge this tonight, thanks.
All modified and coverable lines are covered by tests :white_check_mark:
Comparison is base (
4fc0815
) 100.00% compared to head (096427b
) 100.00%.
:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
yargs@16.2.0
,yargs@16.2.0
usescliui@7.0.2
cliui
versions so only one gets installed as transient dependencyso there should be no impact to consumers