[Snyk] Fix for 47 vulnerabilities

[bumplzz69]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:

  • package.json

• Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
  Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	No	Proof of Concept
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-173692	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-174183	No	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-HANDLEBARS-469063	No	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-HANDLEBARS-480388	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-HANDLEBARS-534478	No	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-HANDLEBARS-534988	No	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-HANDLEBARS-567742	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	No	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	No	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Validation Bypass SNYK-JS-KINDOF-537849	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	No	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	No	Proof of Concept
	486/1000 Why? Mature exploit, Has a fix available, CVSS 2	Prototype Pollution SNYK-JS-MERGE-72553	No	Mature
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MIXINDEEP-450212	No	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Command Injection SNYK-JS-NODENOTIFIER-1035794	No	No Known Exploit
	524/1000 Why? Has a fix available, CVSS 6.2	Denial of Service (DoS) SNYK-JS-NWSAPI-2841516	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Prototype Pollution SNYK-JS-PLIST-2405644	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-1540541	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-SETVALUE-450213	No	Proof of Concept
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TMPL-1583443	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-Y18N-1021887	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-YARGSPARSER-560381	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	469/1000 Why? Has a fix available, CVSS 5.1	Denial of Service (DoS) npm:mem:20180117	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:plist:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jest

The new version differs by 152 commits.

• 634e5a5 expect: fix regression in toThrow for message prop and asymmetric matchers (Problems with React dependency on 0.26.1 facebook/react-native#7697)
• 6081f7a [jest-each] Add primitive pretty printing ([Push notifications] Add error event facebook/react-native#7694)
• 57aeaa2 chore: bump flow
• 28971c5 Ensure mocks get resolved too (Top of Text cut off when lineHeight < fontSize facebook/react-native#7687)
• 1d1c3f9 chore: upgrade docusaurus ([0.25.1][Android][Picker][BUG] On build release facebook/react-native#7691)
• 9cfcd81 make worker_threads opt-in, not opt-out (added .babelrc file facebook/react-native#7693)
• 6de22dd Update lerna configuration
• 1256f76 Fix toHaveProperty matcher for inherited properties (react-native.js: Unable to find this module in its module map or any of the node_modules directories facebook/react-native#7686)
• 967b335 fix: add option to disable `worker_threads` in `jest-worker` (react-native init <ProjectName> hangs on windows facebook/react-native#7681)
• 0e1855e chore: bump write-file-atomic again
• 0f94162 fix: upgrade `write-atomic-file` to support worker_threads (Geolocation API automatically reverts to 100m accuracy on iOS facebook/react-native#7680)
• 3e3d405 docs: using Babel 6 with Jest 24 (Add Epic Fail Videos app to Showcase section facebook/react-native#7677)
• a551b19 chore: upgrade fsevents
• 89b2f1b chore: upgrade to prettier 1.16 (New global property are no longer writable facebook/react-native#7658)
• 05e8ac0 chore: leave single 22.x in versioned docs (Make Getting Started labels a bit more clear facebook/react-native#7674)
• 71b47cf add twitter links (Fix TextInput autocorrect (#7496) facebook/react-native#7676)
• 312b42a sync doc versions on jsdom configuration (Failed to build DependencyGraph: Watchman error facebook/react-native#7675)
• c70afe2 document how to get a newer version of jsdom (Map annotations on iOS are not always centered facebook/react-native#7673)
• 1124953 Update SnapshotTesting.md (Correctly reference cwd instead of __dirname facebook/react-native#7671)
• fbd4f53 Website: Styling of backers avatars, preserve avatars proportions. (cherry-pick NavigationPropTypes.SceneRenderer bugfix facebook/react-native#7665)
• 2434d47 fix: Pass `watchPathIgnorePatterns` to Haste instance (Fix tab in Examples/UIExplorer/SwitchExample.js facebook/react-native#7585)
• 6880611 Correctly bundle up for browser globals ([NavigationExperimental] Android support? facebook/react-native#7661)
• 6c3d998 chore: Add performance benchmark to `diff-sequences` package (Vertically center iOS text if lineHeight is set facebook/react-native#7603)
• f4cf46a Dmitrii Abramov is now Aaron Abramov (require function without full commonjs leads to footguns facebook/react-native#7663)

See the full diff

Package name: jest-junit

The new version differs by 30 commits.

• 47650f5 Merge pull request [Snyk] Security upgrade yeoman-environment from 1.5.3 to 2.0.0 #82 from palmerj3/v6.2.0
• 3c2cb50 v6.2.0
• b669bbe Merge pull request [Snyk] Security upgrade jest from 24.0.0-alpha.6 to 24.0.0 #81 from palmerj3/upgradeJest
• 6f270c0 Remove jest-config
• d00e122 chore: install babel-jest on CI to avoid hoisting bugs
• 62ac24e Upgrade jest, jest-config, jest-validate to 24
• 9882c33 Merge pull request [Snyk] Fix for 3 vulnerabilities #79 from palmerj3/6.1.0
• 7dda343 v6.1.0
• 860f7ef Merge pull request [Snyk] Fix for 2 vulnerabilities #72 from lalugeo/master
• 3a82918 removed package.lock
• 3da1128 Merge pull request [Snyk] Fix for 1 vulnerabilities #76 from palmerj3/v6.0.1
• 6dc1a65 v6.0.1
• 49d30fd Merge pull request [Snyk] Fix for 1 vulnerabilities #75 from jest-community/revert-71-file-attr
• b026223 Revert "Add file attr"
• 8d070d8 using node-xml for generating prolog
• 43695d7 Merge pull request [Snyk] Fix for 2 vulnerabilities #73 from palmerj3/v6
• dee72c0 updated readme
• 010be8d removed options, hardcoded prolog
• 95db481 v6.0.0
• 0fb5aec Merge pull request [Snyk] Fix for 2 vulnerabilities #71 from mtsmfm/file-attr
• fdde81b * fix bug in xml prolog
• 6653fb8 * final output writing added with prolog
• 8ab3d6a Add file attr
• 8e3205f Merge pull request [Snyk] Security upgrade jest from 24.0.0-alpha.6 to 24.0.0 #70 from mtsmfm/fix-filepath

See the full diff

Package name: mkdirp

The new version differs by 4 commits.

• b2e7ba0 0.5.2
• c5b97d1 bump minimist to 1.2 to fix security issue
• f2003bb test: add v4 and v5 to travis
• b8629ff tools: update tap + mock-fs. Fix broken test

See the full diff

Package name: node-fetch

The new version differs by 47 commits.

• 1ef4b56 backport of [Docs] update JS environment documentation for Babel facebook/react-native#1449 ([UIExplorer] Update SegmentedControlIOSExample.js facebook/react-native#1453)
• 8fe5c4e 2.x: Specify encoding as an optional peer dependency in package.json (for SegmentedControlIOS component,onChange(event),event.nativeEvent =null facebook/react-native#1310)
• f56b0c6 fix(URL): prefer built in URL version when available and fallback to whatwg (TouchableWithoutFeedback with custom component inside doesn't fires onPress callback facebook/react-native#1352)
• b5417ae fix: import whatwg-url in a way compatible with ESM Node (RCTAdSupport uses advertisingidentifier which triggers Apple's automated detection upon submit facebook/react-native#1303)
• 18193c5 fix v2.6.3 that did not sending query params (Updates fri 15 may facebook/react-native#1301)
• ace7536 fix: properly encode url with unicode characters (Unable to create Navigator via onPress? facebook/react-native#1291)
• 152214c Fix(package.json): Corrected main file path in package.json (Automatic cookies facebook/react-native#1274)
• b5e2e41 update version number
• 2358a6c Honor the `size` option after following a redirect and revert data uri support
• 8c197f8 docs: Fix typos and grammatical errors in README.md (Contacts API facebook/react-native#686)
• 1e99050 fix: Change error message thrown with redirect mode set to error ([Headers] Add an umbrella header for the library facebook/react-native#653)
• 244e6f6 docs: Show backers in README
• 6a5d192 fix: Properly parse meta tag when parameters are reversed (Xcode build failed because of missing library (RCTGeolocation) facebook/react-native#682)
• 47a24a0 chore: Add opencollective badge
• 7b13662 chore: Add funding link
• 5535c2e fix: Check for global.fetch before binding it (Missing comma facebook/react-native#674)
• 1d5778a docs: Add Discord badge
• eb3a572 feat: Data URI support ((docs) Resubmitted PR - Update docs for grammar and punctuation facebook/react-native#659)
• 086be6f Remove --save option as it isn't required anymore (Updates from Wed 1 Apr facebook/react-native#581)
• 95286f5 v2.6.0 (UICollectionView? facebook/react-native#638)
• bf8b4e8 Allow agent option to be a function (Can not see the images on the web page facebook/react-native#632)
• 0c2294e 2.5.0 release ((update) Install watchman w/ --HEAD to avoid error facebook/react-native#630)
• 0fc414c Allow third party blob implementation ((update) Typo in Watchman facebook/react-native#629)
• d8f5ba0 build: disable generation of package-lock since it is not used (missing require('RCTDeviceEventEmitter'); facebook/react-native#623)

See the full diff

Package name: node-notifier

The new version differs by 61 commits.

• ae03eed v5.4.5
• 2cdb290 patch: fixes security issue with non-escaping inputs [GHSL-2020-373]
• 93fa026 v5.4.4
• c4b8ade patch: fixes possible injection issue for notify-send
• 1101e6d Update version to v5.4.3
• d204329 Revert "Fixes tests after mapping change"
• 9a1fc72 Update lock file after audit
• 8769921 Revert "Bumps all dependencies"
• 3ae8fd7 Merge pull request Can I write extension in Swift instead of Objective-C? facebook/react-native#284 from mikaelbr/revert-271-overwritable-timeout
• 5c48dc8 Revert "Allow timeout: false to remove a timeout"
• 722f9d9 Revert "Remove node 6 from travis run"
• 12d971d Revert "v5.4.2"
• d907d54 Revert "Revert "Fixes tests after mapping change""
• b9946dc Merge pull request Add note about Android support facebook/react-native#271 from jnielson94/overwritable-timeout
• 698c103 Merge branch 'master' into overwritable-timeout
• fd851c8 Remove node 6 from travis run
• c153da9 Updates changelog
• 378077c v5.4.2
• 8f136d9 Bumps all dependencies
• 2bbcc2d Revert "Fixes tests after mapping change"
• 64decfb v5.4.1
• e271899 Revert "Adds default timeout to notification center"
• 3fefdf3 Merge pull request Document that we're using Babel facebook/react-native#274 from Aarbel/patch-1
• ae64c68 Add event doc on notifier.onclick

See the full diff

Package name: plist

The new version differs by 23 commits.

• 5e0d06e 3.0.4
• fa8e184 inline xmldom@0.6.0 to avoid false positive security message. Fixes Bump minimist from 1.2.0 to 1.2.6 #110, [Snyk] Security upgrade jest from 24.0.0-alpha.6 to 24.0.0 #111
• a0bd0d0 3.0.3
• dfb43f4 Merge pull request [Snyk] Fix for 1 vulnerabilities #109 from minhnguyen0712/master
• 5af9758 ⬆️ Bump xmldom
• 5877ec7 remove flaky saucelabs testing status badge
• 276c657 3.0.2
• 9b6af11 revert mocha because newer versions don't run on node versions this old
• e828f84 update deps
• e7b0394 removing safari because I can't get it to run in sauce with zuul
• c33edbe try an older version of safari
• 1f13bd7 revert sauce connect
• 6fa1022 specify specific tunnel id for sauce
• ee3c545 revert zuul dependency to see if that fixes saucelabs build
• e538eb4 reduce travis testing matrix size
• eb28b45 adding sauceconnect to see if that solves the local tunnel problem
• 3a8004a update saucelabs credentials in travis file
• 56c5a74 travis: revert config
• eaf1ca7 move saucelabs credentials to travis env variables
• eaf1af8 update minor deps
• 3821f55 update travis config to fix all warnings
• 9ec848e update sauce labs integration using my account
• af45b08 give credit to sauce labs for providing free open source testing resources

See the full diff

Package name: pretty-format

The new version differs by 152 commits.

• 634e5a5 expect: fix regression in toThrow for message prop and asymmetric matchers (Problems with React dependency on 0.26.1 facebook/react-native#7697)
• 6081f7a [jest-each] Add primitive pretty printing ([Push notifications] Add error event facebook/react-native#7694)
• 57aeaa2 chore: bump flow
• 28971c5 Ensure mocks get resolved too (Top of Text cut off when lineHeight < fontSize facebook/react-native#7687)
• 1d1c3f9 chore: upgrade docusaurus ([0.25.1][Android][Picker][BUG] On build release facebook/react-native#7691)
• 9cfcd81 make worker_threads opt-in, not opt-out (added .babelrc file facebook/react-native#7693)
• 6de22dd Update lerna configuration
• 1256f76 Fix toHaveProperty matcher for inherited properties (react-native.js: Unable to find this module in its module map or any of the node_modules directories facebook/react-native#7686)
• 967b335 fix: add option to disable `worker_threads` in `jest-worker` (react-native init <ProjectName> hangs on windows facebook/react-native#7681)
• 0e1855e chore: bump write-file-atomic again
• 0f94162 fix: upgrade `write-atomic-file` to support worker_threads (Geolocation API automatically reverts to 100m accuracy on iOS facebook/react-native#7680)
• 3e3d405 docs: using Babel 6 with Jest 24 (Add Epic Fail Videos app to Showcase section facebook/react-native#7677)
• a551b19 chore: upgrade fsevents
• 89b2f1b chore: upgrade to prettier 1.16 (New global property are no longer writable facebook/react-native#7658)
• 05e8ac0 chore: leave single 22.x in versioned docs (Make Getting Started labels a bit more clear facebook/react-native#7674)
• 71b47cf add twitter links (Fix TextInput autocorrect (#7496) facebook/react-native#7676)
• 312b42a sync doc versions on jsdom configuration (Failed to build DependencyGraph: Watchman error facebook/react-native#7675)
• c70afe2 document how to get a newer version of jsdom (Map annotations on iOS are not always centered facebook/react-native#7673)
• 1124953 Update SnapshotTesting.md (Correctly reference cwd instead of __dirname facebook/react-native#7671)
• fbd4f53 Website: Styling of backers avatars, preserve avatars proportions. (cherry-pick NavigationPropTypes.SceneRenderer bugfix facebook/react-native#7665)
• 2434d47 fix: Pass `watchPathIgnorePatterns` to Haste instance (Fix tab in Examples/UIExplorer/SwitchExample.js facebook/react-native#7585)
• 6880611 Correctly bundle up for browser globals ([NavigationExperimental] Android support? facebook/react-native#7661)
• 6c3d998 chore: Add performance benchmark to `diff-sequences` package (Vertically center iOS text if lineHeight is set facebook/react-native#7603)
• f4cf46a Dmitrii Abramov is now Aaron Abramov (require function without full commonjs leads to footguns facebook/react-native#7663)

See the full diff

Package name: ws

The new version differs by 250 commits.

• 6dd88e7 [dist] 5.2.3
• 76d47c1 [security] Fix ReDoS vulnerability
• 5d55e52 [dist] 5.2.2
• 8aba871 [fix] Fix use after invalidation bug
• 175ce46 [dist] 5.2.1
• 307be7a [fix] Remove the `'data'` listener when the receiver emits an error
• 6046a28 [fix] Do not prematurely remove the listener of the `'data'` event
• bf9b2ec chore(package): update nyc to version 12.0.2 (Add doc warning stating that TouchableOpacity can only support a single child facebook/react-native#1395)
• bcab531 chore(package): update eslint-plugin-promise to version 3.8.0 (Question : Is it possible to call ScrollTo_Y on <ListView/> Component? facebook/react-native#1389)
• e4d032c [dist] 5.2.0
• e7bfe5f chore(package): update mocha to version 5.2.0 ([Layout] Regression with paddingTop facebook/react-native#1385)
• 6dae94b chore(package): update eslint-plugin-import to version 2.12.0 ([CLI] Validation check for "React" package name facebook/react-native#1384)
• aebda2b chore(package): update nyc to version 11.8.0 ([Tests] Update tests to run on io.js with the latest version of jest facebook/react-native#1382)
• d871bdf [feature] Add `headers` argument to `verifyClient()` callback ([ListView] Cryptic errors from renderHeader and renderSectionHeader facebook/react-native#1379)
• bb9c21c [test] Fix failing test on node 10
• 6d8f1f4 [ci] Test on node 10
• 4385c78 [doc] Add `request` to emit arguments in shared server example ([Touches] Let only the nearest ancestor root view process touches facebook/react-native#1372)
• 690b3f2 [minor] Replace bound function with arrow function
• 9dc25a3 chore(package): update nyc to version 11.7.1 (App process is a steady 130% CPU immediately on launch facebook/react-native#1364)
• a81e580 chore(package): update mocha to version 5.1.0 (Custom Pagination on ScrollView Horizontal facebook/react-native#1362)
• 3215cf3 chore(package): update eslint-plugin-import to version 2.11.0 ([Navigator] Support the ref prop on scene roots facebook/react-native#1361)
• 0100d82 [doc] Improve FAQ example for X-Forwarded-For header ([ListView & Image] Loading 100 big images into a ListView not only crashes the app, but also crashes the os facebook/react-native#1360)
• c801e99 [doc] Improve docs and examples ([WebView] Support opening WebView links in external browser on iOS facebook/react-native#1355)
• 10c92ff [dist] 5.1.1

See the full diff

Package name: yargs

The new version differs by 164 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (Fixed site/side in linking-libraries.html facebook/react-native#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search ([NavigatorIOS] Swipe back not working when navigationBarHidden is true facebook/react-native#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (Application get stuck when displayLink invalidate facebook/react-native#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs ([NO MERGE]Try to fix the react-native view initialized twice facebook/react-native#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (TabBarIOS tintColor facebook/react-native#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (would be a nice feature to be able to replace the NavigatorIOS title with an Image facebook/react-native#1330)
• c294d1b test: accept differently formatted output (Updates from Mon 18 May facebook/react-native#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking ([ListView] How to implement endless scroll from bottom & top? facebook/react-native#1320)
• 0295132 fix: address issues with dutch translation ([Timer] setTimeout enviroment facebook/react-native#1316)
• 9f2468e doc: clarify parserConfiguration object structure (Remove extra comma at the end of stringifySafe call facebook/react-native#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 ([Navigator] add optional callbacks to routing functions facebook/react-native#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (Updates fri 15 may facebook/react-native#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn