Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update yargs-parser dependency #137

Merged
merged 1 commit into from
Mar 19, 2020

Conversation

jakejarvis
Copy link
Contributor

@jakejarvis jakejarvis commented Mar 18, 2020

yargs-parser v18.1.1 fixes a prototype pollution vulnerability:

? ✗ Medium severity vuln found in yargs-parser@16.1.0, introduced via meow@6.0.1
    Description: Prototype Pollution
    Info: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
    From: meow@6.0.1 > yargs-parser@16.1.0

https://app.snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
yargs/yargs-parser#258

Thanks! 😊

@sindresorhus sindresorhus changed the title deps: Bump yargs-parser to v18.1.1 (fixes vulnerability) Update yargs-parser dependency Mar 19, 2020
@sindresorhus sindresorhus merged commit 4527b45 into sindresorhus:master Mar 19, 2020
@sindresorhus
Copy link
Owner

I'm merging this to silence the warning for people, but I strongly disagree that this is a vulnerability, and also, Snyk is not a trusted source: https://twitter.com/sindresorhus/status/1123986529498664961

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants