[Snyk] Upgrade commander from 7.1.0 to 7.2.0

[snyk-bot]

Snyk has created this PR to upgrade commander from 7.1.0 to 7.2.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.
• The recommended version was released 3 months ago, on 2021-03-21.

Release notes

Package name: commander

• 7.2.0 - 2021-03-21
  

  Added

  • TypeScript typing for parent property on Command (#1475)
  • TypeScript typing for .attributeName() on Option (#1483)
  • support information in package (#1477)

  Changed

  • improvements to error messages, README, and tests
  • update dependencies
• 7.1.0 - 2021-02-15
  

  Added

  • support for named imports from ECMAScript modules (#1440)
  • add .cjs to list of expected script file extensions (#1449)
  • allow using option choices and variadic together (#1454)

  Fixed

  • replace use of deprecated process.mainModule (#1448)
  • regression for legacy command('*') and call when command line includes options (#1464)
  • regression for on('command:*', ...) and call when command line includes unknown options (#1464)
  • display best error for combination of unknown command and unknown option (i.e. unknown command) (#1464)

  Changed

  • make TypeScript typings tests stricter (#1453)
  • improvements to README and tests

from commander GitHub release notes

Commit messages

Package name: commander

• 327a3dd Update CHANGELOG and dependences for 7.2.0
• 7b6567e Fix syntactically incorrect command name (Bump console from 0.11.3 to 0.12.0 cloudflare/wrangler-legacy#1488)
• 0fa4b8d Add test for process.exit finishing bunch of if-then-else cases (Bump tokio-tungstenite from 0.10.1 to 0.11.0 cloudflare/wrangler-legacy#1487)
• 82bf30b passThroughOptions: correct error message
• d3a9e7a Add attributeName to Option typings (Store Wrangler build artifact in KV cloudflare/wrangler-legacy#1483)
• 26223d0 Add missing word and expand wording for clarity (test npm installer every 6 hours cloudflare/wrangler-legacy#1482)
• b9ffe09 Add package support info (Added dev args to wrangler.toml cloudflare/wrangler-legacy#1477)
• e12ea2e Add Command parent property to TypeScript (Remove emojis from CLI cloudflare/wrangler-legacy#1475)
• 948796d Add mock tests to cover subcommand error handling ("Fatal: error in validating input" with rustwasm-worker-template cloudflare/wrangler-legacy#1474)
• c119028 Add runtime test that TypeScript imports are working (🤏 1.11.0-rc.0 cloudflare/wrangler-legacy#1473)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected 3 security issues in this pull request:

Mode: paranoid | Total findings: 3 | Considered vulnerability: 3

Insecure File Management (1)

Docs	Details
💡	Title: Use of non-literal require, Severity: High wrangler/wranglerjs/index.js Line 38 in 4ec9ff7 config = require(join(process.cwd(), args["webpack-config"]));

More info on how to fix Insecure File Management in JavaScript.

---

Hard-Coded Secrets (2)

Docs	Details
💡	Title: Hard-coded Secrets, Severity: Medium wrangler/src/commands/mod.rs Line 25 in 4ec9ff7 pub use secret::{create_secret, delete_secret, list_secrets};
💡	Title: Hard-coded Secrets, Severity: Medium wrangler/src/settings/global_user.rs Line 169 in 4ec9ff7 let api_key = "reallylongglobalapikey";

More info on how to fix Hard-Coded Secrets in General.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.