Skip to content
This repository has been archived by the owner on Aug 11, 2021. It is now read-only.

[Vulnerability] MEDIUM (DoS) mem@1.1.0 caused by yargs@10.0.3 #8

Open
VlkaFenryka opened this issue Jun 14, 2019 · 1 comment · May be fixed by #11
Open

[Vulnerability] MEDIUM (DoS) mem@1.1.0 caused by yargs@10.0.3 #8

VlkaFenryka opened this issue Jun 14, 2019 · 1 comment · May be fixed by #11

Comments

@VlkaFenryka
Copy link

VlkaFenryka commented Jun 14, 2019
edited

https://app.snyk.io/vuln/npm:mem:20180117
sindresorhus/memoize#14

Introduced through: npm-merge-driver@2.3.5 › yargs@10.0.3 › os-locale@2.1.0 › mem@1.1.0
advised action: update yargs to latest version to fix the issue in the dependency tree
@VlkaFenryka VlkaFenryka changed the title [Vulnerability] MEDIUM (DoS) mem@1.1.0 caused by yargs@0.6.11 [Vulnerability] MEDIUM (DoS) mem@1.1.0 caused by yargs@10.0.3 Jun 14, 2019
@andrewplan
Copy link

@zkat @eins78 @VlkaFenryka any chance this will be addressed soon? I'd like to get my team on board with this package but I won't do so until this vulnerability is fixed.

Thanks!

This was referenced Feb 12, 2020
Closed
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: update yargs to prevent mem security issue brandonocasey/npm-merge-driver
2 participants
@andrewplan @VlkaFenryka