Yargs dependency leads to vulnerable mem package
The current "yargs": "^11.0.0"
dependency has in turn a dependency on
"os-locale": "^2.0.0",
which in turn is dependent on
"mem": "^1.1.0"
which is vulnerable.
It seems that the only way out is: bump the version of "yargs"
to at least 12.0.0, but 13 is better.
Many thanks for adopting the stale mocha-webpack, by the way.
Issue Analytics
- State:
- Created 4 years ago
- Comments: 5 (4 by maintainers)
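The chain reported in the issue can be traced mechanically. The following is an added example, not part of the original issue or of mochapack's code: it walks a constructed, flattened dependency map and lists every requires-chain that ends at a named package. The `my-project` and `other-dep` entries, the `0.0.0-sample` versions and the resolved versions are assumptions; only the ranges for yargs, os-locale and mem come from the issue, and a flat map ignores nested duplicate installs.

```javascript
// Constructed sample data: name -> { version, requires }.
// Ranges for yargs, os-locale and mem are the ones quoted in the issue;
// everything else (root name, other-dep, resolved versions) is assumed.
const sampleTree = {
  "my-project": { version: "0.0.0-sample", requires: { mochapack: "*", "other-dep": "*" } },
  mochapack: { version: "0.0.0-sample", requires: { yargs: "^11.0.0" } },
  yargs: { version: "11.0.0", requires: { "os-locale": "^2.0.0" } },
  "os-locale": { version: "2.0.0", requires: { mem: "^1.1.0" } },
  mem: { version: "1.1.0", requires: {} },
  // Deliberate cycle back to the root, to show the walk terminates.
  "other-dep": { version: "0.0.0-sample", requires: { "my-project": "*" } },
};

// Depth-first search for every requires-chain from `root` to `target`.
// Each hop records the range its parent asked for and the version installed.
function findChains(tree, root, target) {
  const chains = [];
  const walk = (name, range, path) => {
    const node = tree[name];
    // Skip packages missing from the map and anything already on this path.
    if (!node || path.some((hop) => hop.name === name)) return;
    const next = [...path, { name, range, version: node.version }];
    if (name === target) {
      chains.push(next);
      return;
    }
    for (const [dep, depRange] of Object.entries(node.requires || {})) {
      walk(dep, depRange, next);
    }
  };
  walk(root, null, []);
  return chains;
}

// Render one chain as "root -> pkg@version (wanted range) -> ...".
function formatChain(chain) {
  return chain
    .map((hop) => (hop.range ? `${hop.name}@${hop.version} (wanted ${hop.range})` : hop.name))
    .join(" -> ");
}

for (const chain of findChains(sampleTree, "my-project", "mem")) {
  console.log(formatChain(chain));
}
```

Every hop in a printed chain is a place where a version bump or an override could break the path to the flagged package; the issue proposes doing it at the yargs hop.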
Top GitHub Comments
Okay, no worries 😃 I’ll handle this
@dirkroorda Done, published
mochapack@1.1.2