Current version of Yargs has vulnerable dependency
Opened this issue · 0 comments
Abirami-Selvanathan commented
CVE-2020-7608 (NVD) - Medium level vulnerability
React native schemes manager are still using yargs 13.2.1, which internally uses yargs-parser vulnerable version which was mentioned in CVE-2020-7608.
Are we gonna update yargs version in the upcoming release?