Hi, could you please remove yargs as a dependency and use something else instead?
A core dependency of yargs, yargs-parser not only has vulnerabilities in the specific version you use, but seemingly hasn't been updated at all in the last two years, merge requests with additional fixes being ignored. I don't believe yargs should be trusted as a dependency when this is allowed.
Hi, could you please remove
yargsas a dependency and use something else instead?A core dependency of
yargs,yargs-parsernot only has vulnerabilities in the specific version you use, but seemingly hasn't been updated at all in the last two years, merge requests with additional fixes being ignored. I don't believeyargsshould be trusted as a dependency when this is allowed.