extract-zip has a dependency to mkdir@0.5.2, that has a dependency to minimist@0.0.8 which has a security issue #254

andreasmarkussen · 2020-03-15T11:31:29Z

Chromedriver depends on extract-zip@1.6.7, which has a security problem.

Extract-zip has a dependency on mkdir@0.5.2, that has a dependency on minimist@0.0.8 which has a security issue

The problem is not easy to fix since extract-zip is not maintained.

The fix should be that someone should take over extract-zip and ensure that it is up to date.

Does anyone have suggestions to how to cope with a situation like this?

dmarczydlo · 2020-03-24T11:52:38Z

From security reason are you planning to update minimist dependencies?

andrewiggins · 2020-03-26T20:00:31Z

extract-zip has been updated: max-mapper/extract-zip#88

giggio · 2020-04-04T19:23:42Z

I just updated and released a fix.

lock · 2020-04-15T07:34:20Z

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

zbigg mentioned this issue Mar 25, 2020

Upgrade minimist to version 1.2.2 or later zbigg/mocha-webdriver-runner#12

Closed

andrewiggins mentioned this issue Mar 26, 2020

Upgrade extract-zip dependency #257

Closed

giggio closed this as completed Apr 4, 2020

giggio self-assigned this Apr 4, 2020

giggio added the bug label Apr 4, 2020

lock bot locked as resolved and limited conversation to collaborators Apr 15, 2020

Provide feedback