Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update yargs-parser dependency #137

Merged
merged 1 commit into from Mar 19, 2020
Merged

Update yargs-parser dependency #137

merged 1 commit into from Mar 19, 2020

Conversation

jakejarvis
Copy link
Contributor

@jakejarvis jakejarvis commented Mar 18, 2020
edited

yargs-parser v18.1.1 fixes a prototype pollution vulnerability:

? ✗ Medium severity vuln found in yargs-parser@16.1.0, introduced via meow@6.0.1
    Description: Prototype Pollution
    Info: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
    From: meow@6.0.1 > yargs-parser@16.1.0

https://app.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
yargs/yargs-parser#258

Thanks! 😊

@sindresorhus sindresorhus changed the title deps: Bump yargs-parser to v18.1.1 (fixes vulnerability) Update yargs-parser dependency Mar 19, 2020
@sindresorhus sindresorhus merged commit 4527b45 into sindresorhus:master Mar 19, 2020
@sindresorhus
Copy link
Owner

I'm merging this to silence the warning for people, but I strongly disagree that this is a vulnerability, and also, Snyk is not a trusted source: https://twitter.com/sindresorhus/status/1123986529498664961

@snyk-bot snyk-bot mentioned this pull request Mar 22, 2020
Merged
@xtqqczze xtqqczze mentioned this pull request May 2, 2020
Merged
This was referenced May 5, 2020
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@jakejarvis @sindresorhus