[Snyk] Upgrade yargs from 16.2.0 to 17.7.2

[Woodpile37]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade yargs from 16.2.0 to 17.7.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 36 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2023-04-27.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-Y18N-1021887	375/1000 Why? CVSS 7.5	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	375/1000 Why? CVSS 7.5	No Known Exploit
	Authentication Bypass SNYK-JS-HTTPAUTH-471683	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Poisoning SNYK-JS-QS-3153490	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	375/1000 Why? CVSS 7.5	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: yargs

• 17.7.2 - 2023-04-27
  

  17.7.2 (2023-04-27)

  Bug Fixes

  • do not crash completion when having negated options (#2322) (7f42848)
• 17.7.1 - 2023-02-21
  

  17.7.1 (2023-02-21)

  Bug Fixes

  • address display bug with default sub-commands (#2303) (9aa2490)
• 17.7.0 - 2023-02-16
  

  17.7.0 (2023-02-13)

  Features

  • add method to hide option extras (#2156) (2c144c4)
  • convert line break to whitespace for the description of the option (#2271) (4cb41dc)

  Bug Fixes

  • copy the description of the option to its alias in completion (#2269) (f37ee6f)
• 17.6.2 - 2022-11-03
  

  17.6.2 (2022-11-03)

  Bug Fixes

  • deps: update dependency yargs-parser to v21.1.1 (#2231) (75b4d52)
  • lang: typo in Finnish unknown argument singular form (#2222) (a6dfd0a)
• 17.6.1 - 2022-11-02
  

  17.6.1 (2022-11-02)

  Bug Fixes

  • lang: fix "Not enough non-option arguments" message for the Czech language (#2242) (3987b13)
• 17.6.0 - 2022-10-01
• 17.5.1 - 2022-05-16
• 17.5.0 - 2022-05-11
• 17.4.1 - 2022-04-09
• 17.4.0 - 2022-03-19
• 17.3.1 - 2021-12-23
• 17.3.0 - 2021-11-30
• 17.2.1 - 2021-09-25
• 17.2.0 - 2021-09-23
• 17.1.1 - 2021-08-13
• 17.1.1-candidate.0 - 2021-08-13
• 17.1.0 - 2021-08-04
• 17.1.0-candidate.0 - 2021-07-15
• 17.0.2-candidate.1 - 2021-07-15
• 17.0.2-candidate - 2021-07-10
• 17.0.1 - 2021-05-03
• 17.0.0 - 2021-05-02
• 17.0.0-candidate.13 - 2021-04-26
• 17.0.0-candidate.12 - 2021-04-12
• 17.0.0-candidate.11 - 2021-04-11
• 17.0.0-candidate.10 - 2021-04-04
• 17.0.0-candidate.9 - 2021-04-04
• 17.0.0-candidate.8 - 2021-03-26
• 17.0.0-candidate.7 - 2021-03-14
• 17.0.0-candidate.6 - 2021-03-11
• 17.0.0-candidate.5 - 2021-03-10
• 17.0.0-candidate.4 - 2021-03-08
• 17.0.0-candidate.3 - 2021-02-22
• 17.0.0-candidate.2 - 2021-02-16
• 17.0.0-candidate.1 - 2021-02-15
• 17.0.0-candidate.0 - 2021-01-09
• 16.2.0 - 2020-12-05

from yargs GitHub release notes

Commit messages

Package name: yargs

• e1760e4 chore: v17.7.2 release
• 3566b84 chore(main): release 17.7.2 (Mistake in code style OpenZeppelin/openzeppelin-contracts#2323)
• 7f42848 fix: do not crash completion when having negated options (Bug in ERC20 Token OpenZeppelin/openzeppelin-contracts#2322)
• 2b6ba31 chore(main): release 17.7.1 (Update AccessControl.test.js OpenZeppelin/openzeppelin-contracts#2304)
• 9aa2490 fix: address display bug with default sub-commands (Update AccessControl.sol OpenZeppelin/openzeppelin-contracts#2303)
• 663c1b6 chore(main): release 17.7.0 ( error::Cannot read property 'value' of undefined when develop the contract OpenZeppelin/openzeppelin-contracts#2285)
• 4cb41dc feat: convert line break to whitespace for the description of the option (requireReceptionAck parameter is required when _mint for ERC20 compatible OpenZeppelin/openzeppelin-contracts#2271)
• 7dc1086 test: mock additional hasColors method introduced in Node 16 (Feature/Access Control - Roles By Account #2139 OpenZeppelin/openzeppelin-contracts#2297)
• f37ee6f fix: copy the description of the option to its alias in completion ([Security] Bump websocket-extensions from 0.1.3 to 0.1.4 OpenZeppelin/openzeppelin-contracts#2269)
• 1fd530a chore: add en strings for unknown command (Remove TokenVesting reference from TokenTimelock docstrings OpenZeppelin/openzeppelin-contracts#2262)
• 2c144c4 feat: add method to hide option extras (utils/String fromUint256 should probably be toString OpenZeppelin/openzeppelin-contracts#2156)
• 6cb69fb build: pin npm version (#2284)
• 2e0ef3c chore(main): release 17.6.2 (Add a .call wrapper with Solidity function call checks OpenZeppelin/openzeppelin-contracts#2260)
• a6dfd0a fix(lang): typo in Finnish unknown argument singular form (Bump ethereumjs-util from 6.2.0 to 7.0.0 OpenZeppelin/openzeppelin-contracts#2222)
• cb02c36 docs: add Typescript example for .terminalWidth() ([Security] Bump acorn from 6.4.0 to 6.4.1 OpenZeppelin/openzeppelin-contracts#2224)
• a1b2eb7 docs: add Typescript example for .terminalWidth() ([Security] Bump acorn from 6.4.0 to 6.4.1 OpenZeppelin/openzeppelin-contracts#2224)
• 75b4d52 fix(deps): update dependency yargs-parser to v21.1.1 (Change Solidity version in Address.sol from 0.6.2 back to 0.6.0 OpenZeppelin/openzeppelin-contracts#2231)
• bc84a61 build: GitHub Workflows security hardening (Bump ethereumjs-util from 7.0.0 to 7.0.1 OpenZeppelin/openzeppelin-contracts#2238)
• f727e71 chore(main): release 17.6.1 (Modify token presets "mint" function as virtual to allow extending OpenZeppelin/openzeppelin-contracts#2257)
• b8c9eda fix(deno): refactor to avoid prompts during module import (IERC721Receiver should be an 'interface' OpenZeppelin/openzeppelin-contracts#2217)
• 1deed85 chore(deps): update dependency @ types/node to v18 (Update start docs command line OpenZeppelin/openzeppelin-contracts#2255)
• 3987b13 fix(lang): fix "Not enough non-option arguments" message for the Czech language (Support for native-meta transaction in contract3.X standard OpenZeppelin/openzeppelin-contracts#2242)
• 6cd8e2d chore(main): release 17.6.0 (Merge v2.5.1 into v3.0.0 OpenZeppelin/openzeppelin-contracts#2213)
• 38e8df1 fix(deps): cliui with forced strip-ansi update (Added Documentation as per NatSpec OpenZeppelin/openzeppelin-contracts#2241)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[changeset-bot]

⚠️ No Changeset found

Latest commit: d9d2a59

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR