Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High severity vulnerability detected in dependencies #1796

Closed
kamalyzl opened this issue Nov 4, 2020 · 4 comments
Closed

High severity vulnerability detected in dependencies #1796

kamalyzl opened this issue Nov 4, 2020 · 4 comments
Labels
security

Comments

@kamalyzl
Copy link

kamalyzl commented Nov 4, 2020

A security assessment was performed and vulnerabilities were found to dependency sane

It is requested to update from version " y18n": "^4.0.0" to " y18n": "^5.0.5"

reference:
https://github.com/yargs/yargs/blob/v15.0.0/package.json
yargs/y18n#109
@bcoe bcoe closed this as completed Nov 16, 2020
@bcoe
Copy link
Member

bcoe commented Nov 16, 2020
edited

Hey @kamalyzl, thanks for taking the time to open an issue. This bug has already been patched in the latest version of yargs/y18n; are you able to upgrade potentially?

@bcoe bcoe reopened this Nov 16, 2020
@bcoe bcoe added the security label Nov 16, 2020
@SymbioticKilla
Copy link

Can you update it in Version 15? Or it is EOL Version?
Thanks!

@bcoe bcoe closed this as completed Dec 1, 2020
@bcoe
Copy link
Member

bcoe commented Dec 1, 2020

@kamalyzl @SymbioticKilla, I've back ported the fix.

@SymbioticKilla
Copy link

@bcoe back ported means it will be also released for 15.x version?

@jmanso-godaddy jmanso-godaddy mentioned this issue Jan 27, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bcoe @kamalyzl @SymbioticKilla