[Snyk] Upgrade yargs from 16.2.0 to 18.0.0

[nerdy-tech-com-gitub]

Snyk has created this PR to upgrade yargs from 16.2.0 to 18.0.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 47 versions ahead of your current version.

• The recommended version was released 3 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	159	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-BROWSERIFYSIGN-6037026	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	159	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	159	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	159	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	159	No Known Exploit
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	159	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	159	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577916	159	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577917	159	Proof of Concept
	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-7577918	159	Proof of Concept
	Information Exposure SNYK-JS-ELLIPTIC-8720086	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	159	Proof of Concept
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	159	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	159	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	159	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	159	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	159	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	159	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	159	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	159	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	159	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495496	159	Proof of Concept
	Generation of Predictable Numbers or Identifiers SNYK-JS-PBKDF2-10495498	159	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	159	No Known Exploit

Release notes

Package name: yargs

• 18.0.0 - 2025-05-27
  

  18.0.0 (2025-05-26)

  ⚠ BREAKING CHANGES

  • command names are not derived from modules passed to command.
  • singleton usage of yargs yargs.foo, yargs().argv, has been removed.
  • minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23.
  • yargs is now ESM first

  Features

  • commandDir now works with ESM files (#2461) (27eec18)
  • locale: adds hebrew translation (#2357) (4266485)
  • yargs is now ESM first (d90af45)
  • zsh: Add default completion as fallback (#2331) (e02c91b)

  Bug Fixes

  • addDirectory do not support absolute command dir (#2465) (3a40a78)
  • allows ESM modules commands to be extensible using visit option (#2468) (200e1aa)
  • browser: fix shims so that yargs continues working in browser context (#2457) (4ae5f57)
  • build: address problems with typescript compilation (#2445) (8d72fb3)
  • coerce should play well with parser configuration (#2308) (8343c66)
  • deps: update dependency yargs-parser to v22 (#2470) (639130d)
  • exit after async handler done (#2313) (e326cde)
  • handle spaces in bash completion (#2452) (83b7788)
  • parser-configuration should work well with generated completion script (#2332) (888db19)
  • propagate Dictionary including undefined in value type (#2393) (2b2f7f5)
  • zsh: completion no longer requires double tab when using autoloaded (0dd8fe4)

  Code Refactoring

  • command names are not derived from modules passed to command. (d90af45)
  • singleton usage of yargs yargs.foo, yargs().argv, has been removed. (d90af45)

  Build System

  • minimum node.js versions now ^20.19.0 || ^22.12.0 || >=23. (d90af45)
• 18.0.0-candidate.7 - 2025-04-25
• 18.0.0-candidate.6 - 2025-04-24
• 18.0.0-candidate.5 - 2025-04-23
• 18.0.0-candidate.4 - 2025-04-16
• 18.0.0-candidate.3 - 2025-04-11
• 18.0.0-candidate.2 - 2025-04-10
• 18.0.0-candidate.1 - 2025-04-09
• 18.0.0-browser.2 - 2025-04-11
• 18.0.0-browser.1 - 2025-04-11
• 18.0.0-browser.0 - 2025-04-10
• 17.7.2 - 2023-04-27
  

  17.7.2 (2023-04-27)

  Bug Fixes

  • do not crash completion when having negated options (#2322) (7f42848)
• 17.7.1 - 2023-02-21
  

  17.7.1 (2023-02-21)

  Bug Fixes

  • address display bug with default sub-commands (#2303) (9aa2490)
• 17.7.0 - 2023-02-16
  

  17.7.0 (2023-02-13)

  Features

  • add method to hide option extras (#2156) (2c144c4)
  • convert line break to whitespace for the description of the option (#2271) (4cb41dc)

  Bug Fixes

  • copy the description of the option to its alias in completion (#2269) (f37ee6f)
• 17.6.2 - 2022-11-03
  

  17.6.2 (2022-11-03)

  Bug Fixes

  • deps: update dependency yargs-parser to v21.1.1 (#2231) (75b4d52)
  • lang: typo in Finnish unknown argument singular form (#2222) (a6dfd0a)
• 17.6.1 - 2022-11-02
• 17.6.0 - 2022-10-01
• 17.5.1 - 2022-05-16
• 17.5.0 - 2022-05-11
• 17.4.1 - 2022-04-09
• 17.4.0 - 2022-03-19
• 17.3.1 - 2021-12-23
• 17.3.0 - 2021-11-30
• 17.2.1 - 2021-09-25
• 17.2.0 - 2021-09-23
• 17.1.1 - 2021-08-13
• 17.1.1-candidate.0 - 2021-08-13
• 17.1.0 - 2021-08-04
• 17.1.0-candidate.0 - 2021-07-15
• 17.0.2-candidate.1 - 2021-07-15
• 17.0.2-candidate - 2021-07-10
• 17.0.1 - 2021-05-03
• 17.0.0 - 2021-05-02
• 17.0.0-candidate.13 - 2021-04-26
• 17.0.0-candidate.12 - 2021-04-12
• 17.0.0-candidate.11 - 2021-04-11
• 17.0.0-candidate.10 - 2021-04-04
• 17.0.0-candidate.9 - 2021-04-04
• 17.0.0-candidate.8 - 2021-03-26
• 17.0.0-candidate.7 - 2021-03-14
• 17.0.0-candidate.6 - 2021-03-11
• 17.0.0-candidate.5 - 2021-03-10
• 17.0.0-candidate.4 - 2021-03-08
• 17.0.0-candidate.3 - 2021-02-22
• 17.0.0-candidate.2 - 2021-02-16
• 17.0.0-candidate.1 - 2021-02-15
• 17.0.0-candidate.0 - 2021-01-09
• 16.2.0 - 2020-12-05

from yargs GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs