Update dependency yargs to v7 - autoclosed

[mend-app-cvent]

This PR contains the following updates:

Package	Type	Update	Change
yargs (source)	dependencies	major	^4.8.0 -> ^7.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity	CVSS Score	CVE	GitHub Issue
High	9.8	CVE-2020-7774	#8
High	7.5	CVE-2021-23343	#7
Medium	5.3	CVE-2020-7608	#4
Medium	5.3	CVE-2021-23362	#6

---

Release Notes

yargs/yargs

v7.0.0

Compare Source

⚠ BREAKING CHANGES

• node: drop Node 10 (#​1919)
• implicitly private methods are now actually private
• deprecated reset() method is now private (call yargs() instead).
• yargs-factory: refactor yargs-factory to use class (#​1895)
• .positional() now allowed at root level of yargs.
• coerce: coerce is now applied before validation.
• async: yargs now returns a promise if async or check are asynchronous.
• middleware: global middleware now applied when no command is configured.
• #​1823 contains the following breaking API changes:
  • now returns a promise if handler is async.
  • onFinishCommand removed, in favor of being able to await promise.
  • getCompletion now invokes callback with err and `completions, returns promise of completions.

Features

• add commands alias (similar to options function) (#​1850) (00b74ad)
• add parseSync/parseAsync method (#​1898) (6130ad8)
• add support for showVersion, similar to showHelp (#​1831) (1a1e2d5)
• adds support for async builder (#​1888) (ade29b8), closes #​1042
• allow calling standard completion function from custom one (#​1855) (31765cb)
• allow default completion to be referenced and modified, in custom completion (#​1878) (01619f6)
• async: add support for async check and coerce (#​1872) (8b95f57)
• improve support for async/await (#​1823) (169b815)
• locale: add Ukrainian locale (#​1893) (c872dfc)
• middleware: async middleware can now be used before validation. (e0f9363)
• middleware: global middleware now applied when no command is configured. (e0f9363)
• node: drop Node 10 (#​1919) (5edeb9e)

Bug Fixes

• always cache help message when running commands (#​1865) (d57ca77), closes #​1853
• async: don't call parse callback until async ops complete (#​1896) (a93f5ff), closes #​1888
• builder: apply default builder for showHelp/getHelp (#​1913) (395bb67), closes #​1912
• builder: nested builder is now awaited (#​1925) (b5accd6)
• coerce: options using coerce now displayed in help (#​1911) (d2128cc), closes #​1909
• completion script name clashing on bash (#​1903) (8f62d9a)
• deno: use actual names for keys instead of inferring (#​1891) (b96ef01)
• exclude positionals from default completion (#​1881) (0175677)
• https://github.com/yargs/yargs/issues/1841#issuecomment-804770453 (b96ef01)
• showHelp() and .getHelp() now return same output for commands as --help (#​1826) (36abf26)
• zsh completion is now autoloadable (#​1856) (d731f9f)

Code Refactoring

• coerce: coerce is now applied before validation. (8b95f57)
• deprecated reset() method is now private (call yargs() instead). (376f892)
• implicitly private methods are now actually private (376f892)
• yargs-factory: refactor yargs-factory to use class (#​1895) (376f892)

v6.6.0

Compare Source

Bug Fixes

• [object Object] was accidentally being populated on options object (#​736) (f755e27)
• do not use cwd when resolving package.json for yargs parsing config (#​726) (9bdaab7)

Features

• implement conflicts() for defining mutually exclusive arguments; thanks @​madcampos! (#​741) (5883779)
• split demand() into demandCommand()/demandOption() (#​740) (66573c8)
• support for positional argument aliases (#​727) (27e1a57)

v6.5.0

Compare Source

Bug Fixes

• still freeze/unfreeze if parse() is called in isolation (#​717) (30a9492)

Features

• pull in yargs-parser introducing additional settings (#​688), and fixing #​716 (#​722) (702995a)

v6.4.0

Compare Source

Bug Fixes

• locales: correct some Russian translations (#​691) (a980671)

Features

• locales: Added Belarusian translation (#​690) (68dac1f)
• locales: Create nl.json (#​687) (46ce1bb)
• update to yargs-parser that addresses #​598, #​617 (#​700) (54cb31d)
• yargs is now passed as the third-argument to fail handler (#​613) (21b74f9)

Performance Improvements

• normalizing package data is an expensive operation (#​705) (49cf533)

v6.3.0

Compare Source

Bug Fixes

• command: subcommands via commandDir() now supported for parse(msg, cb) (#​678) (6b85cc6)

Features

• locales: Add Thai locale file (#​679) (c05e36b)

v6.2.0

Compare Source

Features

• command() now accepts an array of modules (f415388)

Bug Fixes

• add package.json to module exports (#​1818) (d783a49), closes #​1817

16.1.1 (2020-11-15)

Bug Fixes

• expose helpers for legacy versions of Node.js (#​1801) (107deaa)
• deno: get yargs working on deno@1.5.x (#​1799) (cb01c98)

v6.1.1

Compare Source

v6.0.0

Compare Source

⚠ BREAKING CHANGES

• tweaks to ESM/Deno API surface: now exports yargs function by default; getProcessArgvWithoutBin becomes hideBin; types now exported for Deno.
• find-up replaced with escalade; export map added (limits importable files in Node >= 12); yarser-parser@19.x.x (new decamelize/camelcase implementation).
• usage: single character aliases are now shown first in help output
• rebase helper is no longer provided on yargs instance.
• drop support for EOL Node 8 (#​1686)

Features

• adds strictOptions() (#​1738) (b215fba)
• helpers: rebase, Parser, applyExtends now blessed helpers (#​1733) (c7debe8)
• adds support for ESM and Deno (#​1708) (ac6d5d1)
• drop support for EOL Node 8 (#​1686) (863937f)
• i18n for ESM and Deno (#​1735) (c71783a)
• tweaks to API surface based on user feedback (#​1726) (4151fee)
• usage: single char aliases first in help (#​1574) (a552990)

Bug Fixes

• yargs: add missing command(module) signature (#​1707) (0f81024), closes #​1704

Older CHANGELOG Entries

v5.0.0

Compare Source

Bug Fixes

• default: Remove undocumented alias of default() (#​469) (b8591b2)
• remove deprecated zh.json (#​578) (317c62c)

Features

• .help() API can now enable implicit help command (#​574) (7645019)
• command: builder function no longer needs to return the yargs instance (#​549) (eaa2873)
• add coerce api (#​586) (1d53ccb)
• adds recommendCommands() for command suggestions (#​580) (59474dc)
• apply .env() globally (#​553) (be65728)
• apply default builder to command() and apply fail() handlers globally (#​583) (0aaa68b)
• update yargs-parser to version 3.1.0 (#​581) (882a127)

Performance Improvements

• defer requiring most external libs until needed (#​584) (f9b0ed4)

BREAKING CHANGES

• fail is now applied globally.
• we now default to an empty builder function when command is executed with no builder.
• yargs-parser now better handles negative integer values, at the cost of handling numeric option names, e.g., -1 hello
• default: removed undocumented defaults alias for default.
• introduces a default help command which outputs help, as an alternative to a help flag.
• interpret demand() numbers as relative to executing command (#​582) (927810c)

---

• If you want to rebase/retry this PR, click this checkbox.