yargs-parser vulnerability #2559

nessor · 2020-05-01T08:17:52Z

Node Version: 12.16.1
NPM Version: 6.13.4
OS: Ubuntu 19.10
This is a bug
This is a modification request

Hey guys,

npm is reporting a Prototype Pollution vulnerability on the yargs-parser dependency

Low Prototype Pollution
Package yargs-parser
Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2
Dependency of webpack-dev-server [dev]
Path webpack-dev-server > yargs > yargs-parser
More info https://npmjs.com/advisories/1500

panuhorsmalahti · 2020-05-04T08:20:24Z

Fix should be to update the yargs dependency.

gbhasha · 2020-05-06T14:38:19Z

Snyk Report: https://snyk.io/test/npm/webpack-dev-server

mashpie mentioned this issue May 1, 2020

yargs-parser vulnerability (@vue/cli-service > webpack-dev-server > yargs > yargs-parser) vuejs/vue-cli#5439

Closed

AlexGustafsson mentioned this issue May 4, 2020

Update to the latest version of webpack-dev-server egoist/poi#689

Closed

Ionaru mentioned this issue May 4, 2020

fix(deps): security vulnerability in yargs-parser #2566

Merged

6 tasks

calvinlauyh mentioned this issue May 6, 2020

Problem: (Fix #134) minimist dependency has vulnerability crypto-com/thaler-docs#135

Merged

webpack locked as spam and limited conversation to collaborators May 7, 2020

alexander-akait closed this as completed in #2566 May 8, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

yargs-parser vulnerability #2559

yargs-parser vulnerability #2559

nessor commented May 1, 2020 •

edited

Loading

panuhorsmalahti commented May 4, 2020 •

edited

Loading

gbhasha commented May 6, 2020

yargs-parser vulnerability #2559

yargs-parser vulnerability #2559

Comments

nessor commented May 1, 2020 • edited Loading

panuhorsmalahti commented May 4, 2020 • edited Loading

gbhasha commented May 6, 2020

nessor commented May 1, 2020 •

edited

Loading

panuhorsmalahti commented May 4, 2020 •

edited

Loading