[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • cyclic-dep/package.json
  • cyclic-dep/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept

Commit messages

Package name: term-ng

The new version differs by 16 commits.

• 0fe9c55 0.8.4
• 6d1c025 Update yargs
• 4dbbe68 Merge branch 'master' into develop
• b268d6c Merge branch 'release/v0.8.3'
• dbe7fec Update and polish
• 3c9d80a 0.8.3
• d47627b Update and polish
• 381b794 Merge branch 'release/v0.8.2'
• 81dc7f6 Merge branch 'master' into develop
• a11fabc Update package
• cf77189 Update module
• fae702f Fix eslint
• 9db51a4 Merge branch 'greenkeeper/truwrap-0.8.0' of https://github.com/MarkGriffiths/term-ng into develop
• 8a83288 fix(package): update truwrap to version 0.8.0
• d4554d0 Merge branch 'release/v0.8.1'
• e430e29 Merge branch 'master' into develop

See the full diff

Package name: truwrap

The new version differs by 23 commits.

• c37a889 0.8.3
• 80dae6e Update docs
• c23f02a Update deps
• c3e2a46 Update travis
• 0c7ec0c Update cli help
• c075646 Update and polish
• f5ef179 Update and polish
• 9f1e641 Merge branch 'master' into develop
• 6916e21 Merge branch 'release/v0.8.2'
• 0492de1 Update package
• 3987114 Fix xo
• 5b4f044 Update package
• c32c780 Merge branch 'greenkeeper/documentation-9.0.0' of https://github.com/MarkGriffiths/truwrap into develop
• 96319e3 Merge branch 'greenkeeper/deep-assign-3.0.0' of https://github.com/MarkGriffiths/truwrap into develop
• ad92d42 Merge branch 'greenkeeper/ansi-regex-4.0.0' of https://github.com/MarkGriffiths/truwrap into develop
• 5fda155 chore(package): update lockfile package-lock.json
• c1c0244 chore(package): update documentation to version 9.0.0
• 2f9a53b chore(package): update lockfile package-lock.json
• a8b76e3 fix(package): update deep-assign to version 3.0.0
• d1c92be chore(package): update lockfile package-lock.json
• 15754d7 fix(package): update ansi-regex to version 4.0.0
• 8f27da9 Merge branch 'release/v0.8.1'
• b0316d9 Merge branch 'master' into develop

See the full diff

Package name: yargs

The new version differs by 74 commits.

• 706fc7a chore(release): 13.1.0
• 95700d6 test: add tests for alias behavior, based on conversations today ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 #1291)
• f45a817 chore: slight refactor of approach being used, add support for per-command
• 5be206a feat: add applyBeforeValidation, for applying sync middleware before validation
• cc8af76 chore(release): 13.0.0
• e9dc3aa feat: options/positionals with leading '+' and '0' no longer parse as numbers ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #1286)
• ef16792 chore: drop Node 6 from testing matrix ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #1287)
• f25de4f chore: update dependencies ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 #1284)
• 6916ce9 feat: adds config option for sorting command output ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #1256)
• 7b200d2 chore: increase test timeout for windows
• 64af518 fix: middleware added multiple times due to reference bug ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 #1282)
• 61f1b25 doc: update docs to reflect new parserConfiguration method ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 #1280)
• 3c6869a feat: Add `.parserConfiguration()` method, deprecating package.json config ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 #1262)
• da75ea2 fix: better bash path completion ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #1272)
• e0c62c8 doc: edit help example to align with actual output ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 #1271)
• bc0ee40 chore: address @aorinevo's code review so that we can land
• f3a4e4f feat: support promises in middleware
• 64a0d7e docs: Testing command modules ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 #1267)
• 0510fe6 fix(validation): Use the error as a message when none exists otherwise ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 #1268)
• 27bf739 fix(deps): Update os-locale to avoid security vulnerability ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 #1270)
• 54e165d docs(advanced): document non-singleton use, .exit() and parsed ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #1251)
• 8789bf4 chore(release): 12.0.5
• dc8d63f chore: explicit update to yargs-parser
• eacc035 fix: allows camel-case, variadic arguments, and strict mode to be combined ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 #1247)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic