fix(deps): update dependency yargs to v13

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	References
yargs	dependencies	major	^11.0.0 -> ^13.0.0	homepage, source
@​types/yargs	devDependencies	major	^11.0.0 -> ^13.0.0	source

---

Release Notes

yargs/yargs

v13.2.2

Compare Source

v13.2.1

Compare Source

v13.2.0

Compare Source

Features

• zsh auto completion (#​1292) (16c5d25), closes #​1156

v13.1.0

Compare Source

Features

• zsh auto completion (#​1292) (16c5d25), closes #​1156

v12.0.5

Compare Source

Bug Fixes

• deps: Update os-locale to avoid security vulnerability (#​1270) (27bf739)
• validation: Use the error as a message when none exists otherwise (#​1268) (0510fe6)
• better bash path completion (#​1272) (da75ea2)
• middleware added multiple times due to reference bug (#​1282) (64af518)

Chores

• drop Node 6 from testing matrix (#​1287) (ef16792)
  • opting to not drop Node 6 support until April, see.
• update dependencies (#​1284) (f25de4f)

Features

• Add .parserConfiguration() method, deprecating package.json config (#​1262) (3c6869a)
• adds config option for sorting command output (#​1256) (6916ce9)
• options/positionals with leading '+' and '0' no longer parse as numbers (#​1286) (e9dc3aa)
• support promises in middleware (f3a4e4f)

BREAKING CHANGES

• options with leading '+' or '0' now parse as strings
• dropping Node 6 which hits end of life in April 2019
• see yargs-parser@12.0.0 CHANGELOG
• we now warn if the yargs stanza package.json is used.

12.0.5 (2018-11-19)

Bug Fixes

• allows camel-case, variadic arguments, and strict mode to be combined (#​1247) (eacc035)

12.0.4 (2018-11-10)

Bug Fixes

• don't load config when processing positionals (5d0dc92)

12.0.3 (2018-10-06)

Bug Fixes

• $0 contains first arg in bundled electron apps (#​1206) (567820b)
• accept single function for middleware (66fd6f7), closes #​1214 #​1214
• hide hidden options from help output even if they are in a group (#​1221) (da54028)
• improve Norwegian Bokmål translations (#​1208) (a458fa4)
• improve Norwegian Nynorsk translations (#​1207) (d422eb5)

12.0.2 (2018-09-04)

Bug Fixes

• middleware should work regardless of when method is called (664b265), closes #​1178
• translation not working when using __ with a single parameter (#​1183) (f449aea)
• upgrade os-locale to version that addresses license issue (#​1195) (efc0970)

12.0.1 (2018-06-29)

v12.0.4

Compare Source

Bug Fixes

• allows camel-case, variadic arguments, and strict mode to be combined (#​1247) (eacc035)

v12.0.2

Compare Source

Bug Fixes

• $0 contains first arg in bundled electron apps (#​1206) (567820b)
• accept single function for middleware (66fd6f7), closes #​1214 #​1214
• hide hidden options from help output even if they are in a group (#​1221) (da54028)
• improve Norwegian Bokmål translations (#​1208) (a458fa4)
• improve Norwegian Nynorsk translations (#​1207) (d422eb5)

v12.0.1

Compare Source

Bug Fixes

• middleware should work regardless of when method is called (664b265), closes #​1178
• translation not working when using __ with a single parameter (#​1183) (f449aea)
• upgrade os-locale to version that addresses license issue (#​1195) (efc0970)

v12.0.0

Compare Source

Bug Fixes

• .argv and .parse() now invoke identical code path (#​1126) (f13ebf4)
• remove the trailing white spaces from the help output (#​1090) (3f0746c)
• completion: Avoid default command and recommendations during completion (#​1123) (036e7c5)

Chores

• test Node.js 6, 8 and 10 (#​1160) (84f9d2b)
• upgrade to version of yargs-parser that does not populate value for unset boolean (#​1104) (d4705f4)

Features

• add support for global middleware, useful for shared tasks like metrics (#​1119) (9d71ac7)
• allow setting scriptName $0 (#​1143) (a2f2eae)
• remove setPlaceholderKeys (#​1105) (6ee2c82)

BREAKING CHANGES

• Options absent from argv (not set via CLI argument) are now absent from the parsed result object rather than being set with undefined
• drop Node 4 from testing matrix, such that we'll gradually start drifting away from supporting Node 4.
• yargs-parser does not populate 'false' when boolean flag is not passed
• tests that assert against help output will need to be updated

---

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot. View repository job log here.

[codecov]

Codecov Report

Merging #56 into master will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #56   +/-   ##
=======================================
  Coverage   67.34%   67.34%           
=======================================
  Files           2        2           
  Lines          49       49           
  Branches        6        6           
=======================================
  Hits           33       33           
  Misses         16       16

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 73bcf23...fcde4b7. Read the comment docs.

[tpatel]

This looks like a great PR to prioritize, given that there is a vulnerability in a yargs@11.1.0 sub-dependency (https://snyk.io/test/npm/yargs/11.1.0). 👍

[lirantal]

+1 on @tpatel

Would be great if we can bump up the dependencies here as they bundle older dep versions with security issues:

Happy to help with testing or anything else if required to push this forward.

[felixfbecker]

@lirantal sure, could you test that the CLI still works?

[lirantal]

Yes, I'm on it 👍

[lirantal]

@felixfbecker I cloned, installed and built the project. Ran bin/highlight to confirm a baseline, and then upgraded the packages in this PR and ran bin/highlight again to confirm it is working the same.

[felixfbecker]

Awesome. Since this is a yargs upgrade, do CLI paramaters still work?

[lirantal]

Yep:

[felixfbecker]

Thank you!

[felixfbecker]

🎉 This PR is included in version 2.1.1 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀