Current version of Yargs has vulnerable dependency

Question

Current version of Yargs has vulnerable dependency

Opened this issue 4 years ago · 0 comments

Abirami-Selvanathan commented 4 years ago

CVE-2020-7608 (NVD) - Medium level vulnerability

React native schemes manager are still using yargs 13.2.1, which internally uses yargs-parser vulnerable version which was mentioned in CVE-2020-7608.

Are we gonna update yargs version in the upcoming release?