[Snyk-dev] Fix for 2 vulnerabilities

[shaniHerz]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • test/fixtures/qs-package/node_modules/clite/node_modules/yargs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: cliui

The new version differs by 28 commits.

• e49b32f chore(release): 5.0.0
• e1ad447 chore: fix testing when stdout does not support color-codes. (#62)
• c9dab69 force build
• 7bf79ae fix: Update wrap-ansi to fix compatibility with latest versions of chalk. (#60)
• d7494f3 docs: Replace `ui.row` with `ui.div` (#58)
• 83ada4a chore(release): 4.1.0
• c958738 chore: slight tweak to wording in README
• 7246902 feat: add resetOutput method (Detect execution inside VSTS/TFS build agent #57)
• a76e646 chore(release): 4.0.0
• 04e4b50 chore: switch to release from version
• d064922 feat: add fallback for window width (#45)
• 3e3ff71 docs: document the `text` property of a column (#50)
• 7350e36 fix: set env variable FORCE_COLOR. (#56)
• a710255 Revert "fix: downgrades strip-ansi to version 3.0.1 (#54)" (#55)
• 5764c46 fix: downgrades strip-ansi to version 3.0.1 (#54)
• b105376 chore: drop support for node < 4 (#53)
• 0afe9c9 chore(package): update nyc to version 10.0.0
• 751fb34 chore(package): update nyc to version 9.0.1
• 679964a chore(package): update standard-version to version 3.0.0 (#44)
• 94fc0a4 chore(package): update standard to version 8.0.0 (#42)
• d06d624 Merge pull request #41 from yargs/greenkeeper-nyc-8.1.0
• 60a26b9 chore(package): update nyc to version 8.1.0
• f78eb90 Merge pull request #39 from yargs/greenkeeper-mocha-3.0.0
• 1d491f6 chore(package): update mocha to version 3.0.0

See the full diff

Package name: string-width

The new version differs by 7 commits.

• 175b26f 2.1.0
• 79c4e30 Meta tweaks
• 73ba3b5 Update strip-ansi from ^3.0.0 to ^4.0.0 (#10)
• 130d0ad Add failing test for #6
• 7dd3956 Meta tweaks
• 523d7ba 2.0.0
• 14c663d ES2015ify and require Node.js 4

See the full diff

Package name: yargs-parser

The new version differs by 51 commits.

• eab6c03 chore: release 5.0.1 (feat: docker options passthrough and adoptopenjdk support #363)
• 1c417bd fix(security): address GHSA-p9pc-299p-vxgp (spike: test command paket support #362)
• e93a345 chore: mark release in commit history (Feat/add docker tag for cli docker #361)
• ee15863 chore: push new package version
• 4774207 fix: back-porting prototype fixes for *really* old version (chore: bump lockfile parser #271)
• 2c95ba9 chore(release): 5.0.0
• 5755fa5 docs: use absolute path to yargs logo
• 76cee1f fix: environment variables should take precedence over config file (#81)
• 924b014 chore(release): 4.2.1
• 276bd2b chore: upgrade standard-version
• 68d68a0 fix: flatten/duplicate regression (#75)
• 941d8f3 chore(release): 4.2.0
• ad9b3cf docs: document the new configuration settings added by @ laggingreflex (#73)
• 0b1b5f9 fix: inner objects in configs had their keys appended to top-level key when dot-notation was disabled (#72)
• 0f0fb2d feat: allow multiple arrays to be provided, rather than always combining (#71)
• 8267340 chore(package): update nyc to version 10.0.0
• 27311c0 chore(package): update nyc to version 9.0.1
• a491feb chore(release): 4.1.0
• c79052b feat: apply coercions to default options (#65)
• 02c3545 feat: handle dot notation boolean options (replace node-uuid with uuid #63)
• 2aea6e3 chore(package): update standard-version to version 3.0.0 (#61)
• 466e38b chore(release): 4.0.2
• 29d069a fix: whoops, let's make the assign not change the Object key order
• b43b7c1 chore(release): 4.0.1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution

[github-actions]

	Warnings
⚠️	"fix: test/fixtures/qs-package/node_modules/clite/node_modules/yargs/package.json to reduce vulnerabilities" is too long. Keep the first line of your commit message under 72 characters.

Generated by 🚫 dangerJS against 23fb282