Bump yargs-parser to 18.1.2 or higher

[theS1LV3R]

🚀 Feature Proposal

Change yargs-parser dependency in package.json from 18.x to >18.1.1.

Motivation

yargs-parser v18.1.1 and lower has a Prototype Pollution vulnerability (see here and here)

Example

N/A

[ahnpnl]

Hi, 18.x means it will automatically pick up the latest version of 18. If you simply update your lock file to save 18.1.2, it will solve the issue.

[theS1LV3R]

I've updated my lockfile multiple times already. I am using the vue ui's vulnerability check. It gives me:

I've updated @vue/cli-plugin-unit-jest to the newest version available (4.4.6).

[theS1LV3R]

Actually, i just realised i should be bugging the vue team about this instead. Get them to use a newer version of ts-jest. Thanks anyways

[ahnpnl]

FYI vuejs/vue-jest#246 (comment)

[theS1LV3R]

Thanks!