-
-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🔒 Security: Upgrade yargs-parser and yargs to latest stable version #4903
Comments
Snyk scan is also flagging Mocha ReDos as a High Risk Vulnerability: |
This issue hasn't had any recent activity, and I'm labeling it |
This issue hasn't had any recent activity, and I'm labeling it |
Any news about updating yargs-* to latest stable version? |
This issue hasn't had any recent activity, and I'm labeling it |
Any news about updating yargs-* to latest stable version? |
Marking as accepting PRs. Note that Mocha's current major version supports Node 14, so any version of a new package must also support 14. |
As with #5148 (comment):
|
Currently the [email protected] version has not upgraded its yarg-parser and yargs which is causing a security vulnerability (NO-CVE: Regular Expression Denial Of Service (ReDoS)) . Please help upgrade both to the most stable version as of current date. Thank you . Attached are the vulnerability and the most stable release in the npm package library
The text was updated successfully, but these errors were encountered: