From 01df9d4ba9e569f2935cd2790891bba6a5de1224 Mon Sep 17 00:00:00 2001 From: Ashok Argent-Katwala Date: Wed, 6 May 2020 12:16:56 -0400 Subject: [PATCH 1/4] Bump the yargs version to address some 'low' security vulnerability warnings. 'npm audit' complains for: - yargs > os-locale > mem (https://npmjs.com/advisories/1084) - yargs > yargs-parser (https://npmjs.com/advisories/1500) This is obviously a big jump in major version numbers, but the usage looks reasonably vanilla, so I'm hoping it's obvious whether this breaks anything. --- packages/gatsby-dev-cli/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/gatsby-dev-cli/package.json b/packages/gatsby-dev-cli/package.json index f01b798fed38f..696c492a9c931 100644 --- a/packages/gatsby-dev-cli/package.json +++ b/packages/gatsby-dev-cli/package.json @@ -22,7 +22,7 @@ "request": "2.88.2", "signal-exit": "^3.0.3", "verdaccio": "^4.6.2", - "yargs": "^8.0.2" + "yargs": "^15.3.1" }, "devDependencies": { "@babel/cli": "^7.8.4", From 65b09f05778a0b62499e3c689ab1f076c1355598 Mon Sep 17 00:00:00 2001 From: Ashok Argent-Katwala Date: Wed, 6 May 2020 12:21:55 -0400 Subject: [PATCH 2/4] Bump the yargs version to address a 'low' security vulnerability warning in yargs-parser. 'npm audit' complains about 'yargs > yargs-parser' (https://npmjs.com/advisories/1500). --- packages/gatsby-cli/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/gatsby-cli/package.json b/packages/gatsby-cli/package.json index 2989a9d317ca6..64b2b39c99005 100644 --- a/packages/gatsby-cli/package.json +++ b/packages/gatsby-cli/package.json @@ -48,7 +48,7 @@ "strip-ansi": "^5.2.0", "update-notifier": "^3.0.1", "uuid": "3.4.0", - "yargs": "^12.0.5", + "yargs": "^15.3.1", "yurnalist": "^1.1.2" }, "devDependencies": { From 2f30883be4729f4e99afdc646db897430e36bfe4 Mon Sep 17 00:00:00 2001 
From: Michal Piechowiak Date: Thu, 7 May 2020 12:30:59 +0200 Subject: [PATCH 3/4] sync yarn.lock --- yarn.lock | 36 ++---------------------------------- 1 file changed, 2 insertions(+), 34 deletions(-) diff --git a/yarn.lock b/yarn.lock index ebe21279be120..a5b280a657770 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7287,14 +7287,6 @@ clipboardy@^2.3.0: execa "^1.0.0" is-wsl "^2.1.1" -cliui@^3.2.0: - version "3.2.0" - resolved "https://registry.yarnpkg.com/cliui/-/cliui-3.2.0.tgz#120601537a916d29940f934da3b48d585a39213d" - dependencies: - string-width "^1.0.1" - strip-ansi "^3.0.1" - wrap-ansi "^2.0.0" - cliui@^4.0.0: version "4.1.0" resolved "https://registry.yarnpkg.com/cliui/-/cliui-4.1.0.tgz#348422dbe82d800b3022eef4f6ac10bf2e4d1b49" @@ -26237,12 +26229,6 @@ yargs-parser@^18.1.1: camelcase "^5.0.0" decamelize "^1.2.0" -yargs-parser@^7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-7.0.0.tgz#8d0ac42f16ea55debd332caf4c4038b3e3f5dfd9" - dependencies: - camelcase "^4.1.0" - yargs-parser@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-8.1.0.tgz#f1376a33b6629a5d063782944da732631e966950" @@ -26255,7 +26241,7 @@ yargs-parser@^9.0.2: dependencies: camelcase "^4.1.0" -yargs@12.0.5, yargs@^12.0.2, yargs@^12.0.5: +yargs@12.0.5, yargs@^12.0.2: version "12.0.5" resolved "https://registry.yarnpkg.com/yargs/-/yargs-12.0.5.tgz#05f5997b609647b64f66b81e3b4b10a368e7ad13" dependencies: @@ -26289,7 +26275,7 @@ yargs@13.2.4: y18n "^4.0.0" yargs-parser "^13.1.0" -yargs@15.3.1, yargs@^15.0.2: +yargs@15.3.1, yargs@^15.0.2, yargs@^15.3.1: version "15.3.1" resolved "https://registry.yarnpkg.com/yargs/-/yargs-15.3.1.tgz#9505b472763963e54afe60148ad27a330818e98b" integrity sha512-92O1HWEjw27sBfgmXiixJWT5hRBp2eobqXicLtPBIDBhYB+1HpwZlXmbW2luivBJHBzki+7VyCLRtAkScbTBQA== 
@@ -26374,24 +26360,6 @@ yargs@^14.2.0, yargs@^14.2.2: y18n "^4.0.0" yargs-parser "^15.0.0" -yargs@^8.0.2: - version "8.0.2" - resolved "https://registry.yarnpkg.com/yargs/-/yargs-8.0.2.tgz#6299a9055b1cefc969ff7e79c1d918dceb22c360" - dependencies: - camelcase "^4.1.0" - cliui "^3.2.0" - decamelize "^1.1.1" - get-caller-file "^1.0.1" - os-locale "^2.0.0" - read-pkg-up "^2.0.0" - require-directory "^2.1.1" - require-main-filename "^1.0.1" - set-blocking "^2.0.0" - string-width "^2.0.0" - which-module "^2.0.0" - y18n "^3.2.1" - yargs-parser "^7.0.0" - yauzl@^2.10.0, yauzl@^2.4.2: version "2.10.0" resolved "https://registry.yarnpkg.com/yauzl/-/yauzl-2.10.0.tgz#c7eb17c93e112cb1086fa6d8e51fb0667b79a5f9" From 3ac00a641088b5c58172658fe1672e52d7c5a27d Mon Sep 17 00:00:00 2001 From: Michal Piechowiak Date: Thu, 7 May 2020 12:31:49 +0200 Subject: [PATCH 4/4] move parserConfiguration from package.json to code (yargs no longer support package.json field) --- packages/gatsby-cli/package.json | 3 --- packages/gatsby-cli/src/create-cli.js | 4 +++- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/packages/gatsby-cli/package.json b/packages/gatsby-cli/package.json index 64b2b39c99005..e7cb3b7a56019 100644 --- a/packages/gatsby-cli/package.json +++ b/packages/gatsby-cli/package.json @@ -83,9 +83,6 @@ "watch": "babel -w src --out-dir lib --ignore \"**/__tests__\" --extensions \".ts,.js,.tsx\"", "postinstall": "node scripts/postinstall.js" }, - "yargs": { - "boolean-negation": false - }, "engines": { "node": ">=10.13.0" } diff --git a/packages/gatsby-cli/src/create-cli.js b/packages/gatsby-cli/src/create-cli.js index bbca1543a4795..1291211e7803b 100644 --- a/packages/gatsby-cli/src/create-cli.js +++ b/packages/gatsby-cli/src/create-cli.js @@ -342,7 +342,9 @@ Gatsby version: ${gatsbyVersion} } module.exports = argv => { - const cli = yargs() + const cli = yargs().parserConfiguration({ + "boolean-negation": false, + }) const isLocalSite = isLocalGatsbySite() cli
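Review bot: The reason for turning off boolean negation is lost once the package.json `yargs` stanza is deleted, so the added `.parserConfiguration({ "boolean-negation": false })` call in create-cli.js should carry a why-comment, e.g. `// Disable yargs' --no-<flag> negation; moved here from the former package.json "yargs" stanza, which yargs 15 no longer reads.` Separately, this series closes npm advisory 1500 only if the lockfile resolves yargs-parser to a patched release: yargs 15.3.1 declares yargs-parser ^18.1.1, the `yargs-parser@^18.1.1` entry appears only as context in the PATCH 3 lockfile hunk with its `version` line outside the hunk, and the advisory's fix for the 18.x line is 18.1.2, so confirm the resolved version is >= 18.1.2 and that `yarn audit` is clean after the bump rather than relying on the semver range. The `module.exports = argv => {` function continues past the end of the hunk.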