You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello: I am reporting a security vulnerability present in the minimist sub-dependency that this package is using.
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Note: It looks like minimist#v1.2.5 is currently the latest version, so they have not patched the issue yet. However, reading through some of the comments posted by other developers, it looks like there is a fork called minimist-lite that doesn't have the issue present. Not sure if that is compatible with your package, but wanted to call it out as a potential option.
The text was updated successfully, but these errors were encountered:
Hello: I am reporting a security vulnerability present in the minimist sub-dependency that this package is using.
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Note: It looks like
minimist#v1.2.5
is currently the latest version, so they have not patched the issue yet. However, reading through some of the comments posted by other developers, it looks like there is a fork calledminimist-lite
that doesn't have the issue present. Not sure if that is compatible with your package, but wanted to call it out as a potential option.The text was updated successfully, but these errors were encountered: