Hi, could you please remove yargs
as a dependency and use something else instead?
A core dependency of yargs
, yargs-parser
not only has vulnerabilities in the specific version you use, but seemingly hasn't been updated at all in the last two years, merge requests with additional fixes being ignored. I don't believe yargs
should be trusted as a dependency when this is allowed.