Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

pls upgrade to use yargs@^12.0.0 to avoid security vulnerability

See original GitHub issue

Checklist

✗ Medium severity vulnerability found in mem Description: Denial of Service (DoS) Info: https://snyk.io/vuln/npm:mem:20180117

The latest yargs contains the fix for mem

Detailed Description

swagger2openapi@2.11.7 > yargs@9.0.1 > os-locale@2.1.0 > mem@1.1.0 (even the latest is only using "yargs": "^11.0.0")

Other stuff

Issue Analytics

State:
Created 5 years ago
Comments:8 (5 by maintainers)

Top GitHub Comments

2reactions

MikeRalphsoncommented, Nov 15, 2018

v3.2.14 published. Apologies for the confusion.

2reactions

MikeRalphsoncommented, Nov 9, 2018

We’re already using yargs ^12.0.2 in the 3.x series. Please upgrade if you can.

Top Results From Across the Web

KB5008380—Authentication updates (CVE-2021-42287)

CVE-2021-42287 addresses a security bypass vulnerability that affects the Kerberos Privilege Attribute Certificate (PAC) and allows potential attackers to ...

Fixing security vulnerabilities in npm dependencies in less ...

In my case mocha(7.1.0) -> mkdirp(0.5.1) -> minimist(0.0.8) — the vulnerable version. Resolutions key. 3) And finally the fix was: 3.1) First npm...

Known Exploited Vulnerabilities Catalog | CISA

A path traversal vulnerability in Arcadyan firmware could allow unauthenticated remote attackers to bypass authentication. It impacts many routers. Apply ...

Apple security updates - Apple Support

Name and information link Available for Release date iCloud for Windows 14.1 Windows 10 and later via the Microsoft Store 13 Dec 2022 Safari 16.2...

Oracle Security Alert Advisory - CVE-2021-44228

Oracle Security Alert Advisory - CVE-2021-44228. Description. This Security Alert addresses CVE-2021-44228, a remote code execution vulnerability in Apache ...