devrel-examples

[Snyk] Upgrade yargs from 14.2.0 to 14.2.3

Open snyk-bot opened this issue 5 years ago • 0 comments

Snyk has created this PR to upgrade yargs from 14.2.0 to 14.2.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 3 versions ahead of your current version.
  • The recommended version was released 5 months ago, on 2020-03-13.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-YARGSPARSER-560381) | 387/1000. Why? Proof of Concept exploit, CVSS 5.6 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: yargs
  • 14.2.3 - 2020-03-13
  • 14.2.2 - 2019-11-19
  • 14.2.1 - 2019-10-30
  • 14.2.0 - 2019-10-07
from yargs GitHub release notes

Commit messages
Package name: yargs
  • 32a460a chore: bump version
  • 37bd507 fix: __proto__ will now be replaced with ___proto___ in parse
  • 9190d03 fix: addresses bug caused by delete being called on frozen object (#1485)
  • 2fe88f5 chore(release): 14.2.1
  • e78e76e fix: stop-parse was not being respected by commands (#1459)

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

snyk-bot, Aug 28 '20 06:08