sindresorhus / meow

🐈 CLI app helper
MIT License

Update `yargs-parser` dependency #137

Closed jakejarvis closed 4 years ago

jakejarvis commented 4 years ago

yargs-parser v18.1.1 fixes a prototype pollution vulnerability:

```
? ✗ Medium severity vuln found in yargs-parser@16.1.0, introduced via meow@6.0.1
    Description: Prototype Pollution
    Info: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
    From: meow@6.0.1 > yargs-parser@16.1.0
```

- https://app.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
- https://github.com/yargs/yargs-parser/pull/258

Thanks! 😊

sindresorhus commented 4 years ago

I'm merging this to silence the warning for people, but I strongly disagree that this is a vulnerability, and also, Snyk is not a trusted source: https://twitter.com/sindresorhus/status/1123986529498664961