[Snyk] Upgrade yargs from 16.2.0 to 17.7.1 #19

Woodpile37 · 2023-03-22T04:44:50Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade yargs from 16.2.0 to 17.7.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

The recommended version is 35 versions ahead of your current version.
The recommended version was released a month ago, on 2023-02-21.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Prototype Pollution SNYK-JS-UNSETVALUE-2400660	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-Y18N-1021887	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	375/1000 Why? CVSS 7.5	No Known Exploit
Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	375/1000 Why? CVSS 7.5	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	375/1000 Why? CVSS 7.5	No Known Exploit
Authentication Bypass SNYK-JS-HTTPAUTH-471683	375/1000 Why? CVSS 7.5	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	375/1000 Why? CVSS 7.5	No Known Exploit
Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: yargs

17.7.1 - 2023-02-21
17.7.1 (2023-02-21)

Bug Fixes
- address display bug with default sub-commands (#2303) (9aa2490)
17.7.0 - 2023-02-16
17.7.0 (2023-02-13)

Features
- add method to hide option extras (#2156) (2c144c4)
- convert line break to whitespace for the description of the option (#2271) (4cb41dc)
Bug Fixes
- copy the description of the option to its alias in completion (#2269) (f37ee6f)
17.6.2 - 2022-11-03
17.6.2 (2022-11-03)

Bug Fixes
- deps: update dependency yargs-parser to v21.1.1 (#2231) (75b4d52)
- lang: typo in Finnish unknown argument singular form (#2222) (a6dfd0a)
17.6.1 - 2022-11-02
17.6.1 (2022-11-02)

Bug Fixes
- lang: fix "Not enough non-option arguments" message for the Czech language (#2242) (3987b13)

17.6.0 - 2022-10-01

17.6.0 (2022-10-01)

Features

lang: Czech locale (#2220) (5895cf1)
usage: add YARGS_DISABLE_WRAP env variable to disable wrap (#2210) (b680ace)

Bug Fixes

deno: use 'globalThis' instead of 'window' (#2186) (#2215) (561fc7a)
deps: cliui with forced strip-ansi update (#2241) (38e8df1)
dont clobber description for multiple option calls (#2171) (f91d9b3)
typescript: address warning with objectKeys (394f5f8)

  </li>
  <li>
    <b>17.5.1</b> - 2022-05-16
  </li>
  <li>
    <b>17.5.0</b> - 2022-05-11
  </li>
  <li>
    <b>17.4.1</b> - 2022-04-09
  </li>
  <li>
    <b>17.4.0</b> - 2022-03-19
  </li>
  <li>
    <b>17.3.1</b> - 2021-12-23
  </li>
  <li>
    <b>17.3.0</b> - 2021-11-30
  </li>
  <li>
    <b>17.2.1</b> - 2021-09-25
  </li>
  <li>
    <b>17.2.0</b> - 2021-09-23
  </li>
  <li>
    <b>17.1.1</b> - 2021-08-13
  </li>
  <li>
    <b>17.1.1-candidate.0</b> - 2021-08-13
  </li>
  <li>
    <b>17.1.0</b> - 2021-08-04
  </li>
  <li>
    <b>17.1.0-candidate.0</b> - 2021-07-15
  </li>
  <li>
    <b>17.0.2-candidate.1</b> - 2021-07-15
  </li>
  <li>
    <b>17.0.2-candidate</b> - 2021-07-10
  </li>
  <li>
    <b>17.0.1</b> - 2021-05-03
  </li>
  <li>
    <b>17.0.0</b> - 2021-05-02
  </li>
  <li>
    <b>17.0.0-candidate.13</b> - 2021-04-26
  </li>
  <li>
    <b>17.0.0-candidate.12</b> - 2021-04-12
  </li>
  <li>
    <b>17.0.0-candidate.11</b> - 2021-04-11
  </li>
  <li>
    <b>17.0.0-candidate.10</b> - 2021-04-04
  </li>
  <li>
    <b>17.0.0-candidate.9</b> - 2021-04-04
  </li>
  <li>
    <b>17.0.0-candidate.8</b> - 2021-03-26
  </li>
  <li>
    <b>17.0.0-candidate.7</b> - 2021-03-14
  </li>
  <li>
    <b>17.0.0-candidate.6</b> - 2021-03-11
  </li>
  <li>
    <b>17.0.0-candidate.5</b> - 2021-03-10
  </li>
  <li>
    <b>17.0.0-candidate.4</b> - 2021-03-08
  </li>
  <li>
    <b>17.0.0-candidate.3</b> - 2021-02-22
  </li>
  <li>
    <b>17.0.0-candidate.2</b> - 2021-02-16
  </li>
  <li>
    <b>17.0.0-candidate.1</b> - 2021-02-15
  </li>
  <li>
    <b>17.0.0-candidate.0</b> - 2021-01-09
  </li>
  <li>
    <b>16.2.0</b> - 2020-12-05
  </li>
</ul>
from <a href="https://snyk.io/redirect/github/yargs/yargs/releases">yargs GitHub release notes</a>

Commit messages

Package name: yargs

1c938ae chore: v17.7.1 release
2b6ba31 chore(main): release 17.7.1 (Update AccessControl.test.js OpenZeppelin/openzeppelin-contracts#2304)
9aa2490 fix: address display bug with default sub-commands (Update AccessControl.sol OpenZeppelin/openzeppelin-contracts#2303)
663c1b6 chore(main): release 17.7.0 ( error::Cannot read property 'value' of undefined when develop the contract OpenZeppelin/openzeppelin-contracts#2285)
4cb41dc feat: convert line break to whitespace for the description of the option (requireReceptionAck parameter is required when _mint for ERC20 compatible OpenZeppelin/openzeppelin-contracts#2271)
7dc1086 test: mock additional hasColors method introduced in Node 16 (Feature/Access Control - Roles By Account #2139 OpenZeppelin/openzeppelin-contracts#2297)
f37ee6f fix: copy the description of the option to its alias in completion ([Security] Bump websocket-extensions from 0.1.3 to 0.1.4 OpenZeppelin/openzeppelin-contracts#2269)
1fd530a chore: add en strings for unknown command (Remove TokenVesting reference from TokenTimelock docstrings OpenZeppelin/openzeppelin-contracts#2262)
2c144c4 feat: add method to hide option extras (utils/String fromUint256 should probably be toString OpenZeppelin/openzeppelin-contracts#2156)
6cb69fb build: pin npm version (#2284)
2e0ef3c chore(main): release 17.6.2 (Add a .call wrapper with Solidity function call checks OpenZeppelin/openzeppelin-contracts#2260)
a6dfd0a fix(lang): typo in Finnish unknown argument singular form (Bump ethereumjs-util from 6.2.0 to 7.0.0 OpenZeppelin/openzeppelin-contracts#2222)
cb02c36 docs: add Typescript example for .terminalWidth() ([Security] Bump acorn from 6.4.0 to 6.4.1 OpenZeppelin/openzeppelin-contracts#2224)
a1b2eb7 docs: add Typescript example for .terminalWidth() ([Security] Bump acorn from 6.4.0 to 6.4.1 OpenZeppelin/openzeppelin-contracts#2224)
75b4d52 fix(deps): update dependency yargs-parser to v21.1.1 (Change Solidity version in Address.sol from 0.6.2 back to 0.6.0 OpenZeppelin/openzeppelin-contracts#2231)
bc84a61 build: GitHub Workflows security hardening (Bump ethereumjs-util from 7.0.0 to 7.0.1 OpenZeppelin/openzeppelin-contracts#2238)
f727e71 chore(main): release 17.6.1 (Modify token presets "mint" function as virtual to allow extending OpenZeppelin/openzeppelin-contracts#2257)
b8c9eda fix(deno): refactor to avoid prompts during module import (IERC721Receiver should be an 'interface' OpenZeppelin/openzeppelin-contracts#2217)
1deed85 chore(deps): update dependency @ types/node to v18 (Update start docs command line OpenZeppelin/openzeppelin-contracts#2255)
3987b13 fix(lang): fix "Not enough non-option arguments" message for the Czech language (Support for native-meta transaction in contract3.X standard OpenZeppelin/openzeppelin-contracts#2242)
6cd8e2d chore(main): release 17.6.0 (Merge v2.5.1 into v3.0.0 OpenZeppelin/openzeppelin-contracts#2213)
38e8df1 fix(deps): cliui with forced strip-ansi update (Added Documentation as per NatSpec OpenZeppelin/openzeppelin-contracts#2241)
394f5f8 fix(typescript): address warning with objectKeys
561fc7a fix(deno): use 'globalThis' instead of 'window' (Improve ERC20Snapshot documentation OpenZeppelin/openzeppelin-contracts#2186) (Reliability of the truthiness in isContract method OpenZeppelin/openzeppelin-contracts#2215)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade yargs from 16.2.0 to 17.7.1. See this package in npm: https://www.npmjs.com/package/yargs See this project in Snyk: https://app.snyk.io/org/jwood3794/project/42e85271-ef55-46f6-963a-6e834e3dfe41?utm_source=github&utm_medium=referral&page=upgrade-pr

Woodpile37 merged commit 992a054 into release-v4.5 Jun 18, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade yargs from 16.2.0 to 17.7.1 #19

[Snyk] Upgrade yargs from 16.2.0 to 17.7.1 #19

Woodpile37 commented Mar 22, 2023

17.7.1 (2023-02-21)

Bug Fixes

17.7.0 (2023-02-13)

Features

Bug Fixes

17.6.2 (2022-11-03)

Bug Fixes

17.6.1 (2022-11-02)

Bug Fixes

17.6.0 (2022-10-01)

Features

Bug Fixes

[Snyk] Upgrade yargs from 16.2.0 to 17.7.1 #19

[Snyk] Upgrade yargs from 16.2.0 to 17.7.1 #19

Conversation

Woodpile37 commented Mar 22, 2023

Snyk has created this PR to upgrade yargs from 16.2.0 to 17.7.1.

17.7.1 (2023-02-21)

Bug Fixes

17.7.0 (2023-02-13)

Features

Bug Fixes

17.6.2 (2022-11-03)

Bug Fixes

17.6.1 (2022-11-02)

Bug Fixes

17.6.0 (2022-10-01)

Features

Bug Fixes