🔒 Security: Upgrade yargs-parser and yargs to latest stable version #4903

@deathstar1708

Description

Currently the mocha@10.0.0 version has not upgraded its yargs-parser and yargs, which is causing a security vulnerability (NO-CVE: Regular Expression Denial of Service (ReDoS)). Please help upgrade both to the most stable version as of the current date. Thank you. Attached are the vulnerability and the most stable release in the npm package library.

Metadata

Labels

area: security (involving vulnerabilities)
semver-minor (implementation requires increase of "minor" version number; "features")
status: accepting prs (Mocha can use your help with this one!)
