Commit

test: Drop indirect dep on vulnerable minimist module (#4042)

Minimist is vulnerable to prototype pollution, and is no longer
receiving updates.  Details of the vulnerability can be found here:
GHSA-xvch-5gv4-984h

This updates our indirect dep on json5 to remove its minimist dep.

Jimp, Karma, and WD all rely on v0 of mkdirp, which uses minimist.
This forces them to use v1 of mkdirp, a rewrite which doesn't use
minimist.
joeyparrish committed Mar 21, 2022
1 parent 3f838cf commit 3f55c82
Showing 1 changed file with 17 additions and 56 deletions.
73 changes: 17 additions & 56 deletions package-lock.json
