build(deps): align `cliui` version to the version `yargs` uses internally

sarbbottam / eslint-find-rules

Find built-in ESLint rules you don't have in your custom config

http://npm.im/eslint-find-rules

MIT License

201 stars 33 forks source link

build(deps): align `cliui` version to the version `yargs` uses internally #350

Closed csantos1113 closed 6 months ago

csantos1113 commented 6 months ago

this package already uses yargs@16.2.0,
yargs@16.2.0 uses cliui@7.0.2
so we should align the cliui versions so only one gets installed as transient dependency

so there should be no impact to consumers

csantos1113 commented 6 months ago

after reading CVE-2021-3807 more carefully I see the current cliui uses a safe version of strip-ansi

so this PR isn't reaaally needed for my original intention.

BUT, I think this PR is still valid, so its dependencies are aligned, otherwise users of this package are installing two versions of cliui:

cliui@3.2.0 directly
and cliui@7.2.0 indirectly (via transient dependencies from yargs)

ljharb commented 6 months ago

Sounds good - I’ll merge this tonight, thanks.

codecov-commenter commented 6 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (4fc0815) 100.00% compared to head (096427b) 100.00%.

:exclamation: Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #350 +/- ## ========================================= Coverage 100.00% 100.00% ========================================= Files 9 9 Lines 185 185 ========================================= Hits 185 185 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.