[Snyk] Security upgrade yargs from 12.0.2 to 13.1.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|
Prototype Pollution SNYK-JS-YARGSPARSER-560381 |
Yes | Proof of Concept |
Commit messages
Package name: yargs
The new version differs by 39 commits.- 706fc7a chore(release): 13.1.0
- 95700d6 test: add tests for alias behavior, based on conversations today (#1291)
- f45a817 chore: slight refactor of approach being used, add support for per-command
- 5be206a feat: add applyBeforeValidation, for applying sync middleware before validation
- cc8af76 chore(release): 13.0.0
- e9dc3aa feat: options/positionals with leading '+' and '0' no longer parse as numbers (#1286)
- ef16792 chore: drop Node 6 from testing matrix (#1287)
- f25de4f chore: update dependencies (#1284)
- 6916ce9 feat: adds config option for sorting command output (#1256)
- 7b200d2 chore: increase test timeout for windows
- 64af518 fix: middleware added multiple times due to reference bug (#1282)
- 61f1b25 doc: update docs to reflect new parserConfiguration method (#1280)
- 3c6869a feat: Add `.parserConfiguration()` method, deprecating package.json config (#1262)
- da75ea2 fix: better bash path completion (#1272)
- e0c62c8 doc: edit help example to align with actual output (#1271)
- bc0ee40 chore: address @aorinevo's code review so that we can land
- f3a4e4f feat: support promises in middleware
- 64a0d7e docs: Testing command modules (#1267)
- 0510fe6 fix(validation): Use the error as a message when none exists otherwise (#1268)
- 27bf739 fix(deps): Update os-locale to avoid security vulnerability (#1270)
- 54e165d docs(advanced): document non-singleton use, .exit() and parsed (#1251)
- 8789bf4 chore(release): 12.0.5
- dc8d63f chore: explicit update to yargs-parser
- eacc035 fix: allows camel-case, variadic arguments, and strict mode to be combined (#1247)
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: