Prototype pollution in yargs-parser
Bratelion commented
- Operating System: MacOSX 11.4 (Big Sur)
- Node Version: 14.17.3
- NPM Version: 6.14.13
- webpack Version: 4.41.5
- webpack-command Version: 0.5.1
Expected Behavior
Dependencies should not have possible Prototype Pollution issues
Actual Behavior
How Do We Reproduce?
Running yarn audit or npm audit in command window should show one of the Moderate issues: Prototype Pollution in yargs-parser.
How To Fix?
Update meow to a version 7.0 or above, since those versions use yargs-parser v18.1.3 and above, that state they have patched this issue in those versions.
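A way to see which installed copies of yargs-parser fall below the version named in the report above, and which packages pull them in. This is an added example, not code from the issue or from the project. It assumes an npm 6 style lockfile (lockfileVersion 1); the function names are hypothetical and the sample lockfile and its versions are constructed.

```javascript
// Added example. Threshold is the version named in the issue text above.
const MIN_PATCHED = '18.1.3';

// Constructed sample in npm 6 (lockfileVersion 1) shape; versions are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 1,
  dependencies: {
    'webpack-command': { version: '0.5.1', requires: { meow: '^5.0.0' } },
    meow: {
      version: '5.0.0',
      requires: { 'yargs-parser': '^10.0.0' },
      dependencies: { 'yargs-parser': { version: '10.1.0' } },
    },
    'yargs-parser': { version: '18.1.3' },
  },
};

// Compare dotted numeric versions, ignoring any pre-release suffix.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk nested "dependencies" and record every installed yargs-parser copy,
// plus every package that declares yargs-parser in its "requires" map.
function auditYargsParser(lock, minPatched = MIN_PATCHED) {
  const installs = [];
  const requiredBy = [];
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = [...trail, name];
      if (name === 'yargs-parser') {
        installs.push({
          path: here.join(' > '),
          version: info.version,
          belowPatched: compareVersions(info.version, minPatched) < 0,
        });
      }
      const range = info.requires && info.requires['yargs-parser'];
      if (range) requiredBy.push(`${name}@${info.version} (${range})`);
      walk(info.dependencies, here);
    }
  };
  walk(lock.dependencies, []);
  return { installs, requiredBy };
}
```

To run it against a real project, pass the parsed contents of package-lock.json instead of SAMPLE_LOCK.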
shellscape commented
This is one of those "vulnerabilities" that isn't.
Don't get too hung up on these for local development tools. Sorry, won't be resolving this anytime soon.