Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update yargs to ^17.2.0 #255

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Update yargs to ^17.2.0 #255

wants to merge 2 commits into from

Conversation

blown-capacitor
Copy link

@blown-capacitor blown-capacitor commented Jan 15, 2021
edited
Loading

Updates yargs to address high severity security vulnerability as detailed in #252

Note

there are two failing tests, these already exist on the master branch

@Cordobo Cordobo mentioned this pull request Jan 19, 2021
Closed
@jameshschuler
Copy link

Any update on getting this merged?

@raikko01
Copy link

Any updates ?

@mapkon
Copy link

mapkon commented Oct 5, 2021

With the recent vulnerability on ansi-regex, it is critical that we merge this, since yargs has a dependency on strip-ansi which in turn has a dependency on ansi-regex. yargs > cliui > strip-ansi > ansi-regex.

@nono0481
Copy link

nono0481 commented Oct 7, 2021

Hello, the last version of yargs is 17.2.1. Maybe it's work with it ?

@mikkilevon
Copy link

Please merge this!

@blown-capacitor
Copy link
Author

Hello, the last version of yargs is 17.2.1. Maybe it's work with it ?

Updated to 17.2.1 and appears to be working based on tooling

@hankei6km hankei6km mentioned this pull request Oct 25, 2021
Open
@eAi
Copy link

eAi commented Oct 27, 2021

Please do merge this and release this - it's showing up in npm audit

@cbinput
Copy link

cbinput commented Nov 16, 2021

Yes, please merge this!

@blown-capacitor blown-capacitor changed the title Update yargs to ^16.2.0 Update yargs to ^17.2.0 Dec 7, 2021
@AlecRust
Copy link

AlecRust commented Dec 5, 2023

Pretty please?

@patelvp
Copy link

patelvp commented May 14, 2024

Can we merge this please? Thanks

@zac1st1k
Copy link

Could we merge this to resolve the vulnerability? https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

@zac1st1k zac1st1k mentioned this pull request May 30, 2024
Open
@apetrescul
Copy link

Kindly merge PR.

yargs: ^15.3.1 uses y18n: ^4.0.0 that has CVE-2020-7774: https://nvd.nist.gov/vuln/detail/CVE-2020-7774
This is fixed in yargs: ^17.2.1.

@BergerMarcin
Copy link

Kind ask to merge PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.