Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updates resolve vulnerabilities found via
npm audit
``` yargs-parser <=13.1.1 || 14.0.0 - 15.0.0 || 16.0.0 - 18.1.1 Prototype Pollution - https://npmjs.com/advisories/1500 fix available via `npm audit fix --force` Will install gulp@3.9.1, which is a breaking change node_modules/yargs/node_modules/yargs-parser yargs 4.0.0-alpha1 - 12.0.5 || 14.1.0 || 15.0.0 - 15.2.0 Depends on vulnerable versions of yargs-parser node_modules/yargs gulp-cli >=2.0.0 Depends on vulnerable versions of yargs node_modules/gulp-cli gulp >=4.0.0 Depends on vulnerable versions of gulp-cli node_modules/gulp 4 low severity vulnerabilities ``` there are still "low severity" vulnerabilities in yargs-parser used by gulp, which doesn't have an attack vector: gulpjs/gulp#2438 (comment)
- Loading branch information