Skip to content
This repository has been archived by the owner on Jul 24, 2024. It is now read-only.

chore(deps): update sass-graph to 3.0.5 to fix yargs-parser vulnerability #2921

Closed
wants to merge 1 commit into from
Closed

chore(deps): update sass-graph to 3.0.5 to fix yargs-parser vulnerability #2921

wants to merge 1 commit into from

Conversation

patomation
Copy link

Hello,

I wanted to update sass-graph to 3.0.5 the current version is 2.2.5.
This would update latest version of yargs-parser which will do away with the prototype vulnerability audit warnings.
As far as I can tell 2.2.6 was also released at the same time as 3.0.5 with the yargs updates. So maybe it's a better idea to update to just 2.2.6. But I still get a warning telling me to update to 3.0.5 when I tried it.

If it doesn't hurt anything maybe its not a bad idea to update to the latest version. Thoughts?

@xzyfer
Copy link
Contributor

xzyfer commented May 14, 2020

2.2.5 has the patched version of yargs.

@xzyfer xzyfer closed this May 14, 2020
@patomation
Copy link
Author

2.2.5 still has the warning

@patomation
Copy link
Author

Ah, I have other things that depend of a different version of yargs. My bad.

This was referenced Nov 30, 2023
Open
Open
@enterstudio enterstudio mentioned this pull request Dec 1, 2023
Open
@LadyK-21 LadyK-21 mentioned this pull request Feb 11, 2024
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@patomation @xzyfer