Fix security vulnerability GHSA-vh95-rmgr-6w4m. #622

Merged
merged 2 commits into from
Apr 27, 2020

adunkman
Contributor

@adunkman adunkman commented Apr 9, 2020

Please ensure that your pull request fulfills these requirements:

  • The pull request is being made against the master branch
  • Tests for the changes have been added (for bug fixes / features)

What is the purpose of this pull request? (bug fix, enhancement, new feature,...)

Fixes GHSA-vh95-rmgr-6w4m present in versions of minimist before 1.2.2.

What changes did you make?

  • optimist is deprecated and suggests using minimist directly or using yargs. It seemed relatively straightforward to use minimist directly here.
  • I was able to resolve the remaining reference to an outdated version of minimist by upgrading a sub-dependency, mkdirp.

Is there anything you'd like reviewers to focus on?

It doesn’t look like there are a ton (any?) tests associated with the command-line interface specifically. I ran it a few times and it seems to work as expected, but that’s something to keep an eye out for when reviewing.

Fixes #614
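
An added example, not part of this pull request or the project's code: one way to confirm that no copy of minimist older than the 1.2.2 threshold named above remains in a dependency tree, including copies nested under sub-dependencies such as mkdirp. It assumes an npm lockfile with nested `dependencies` objects (lockfileVersion 1 layout); `findOutdated`, `compareVersions` and the sample lockfile are hypothetical names and constructed data.

```javascript
// Added example: list every copy of a package below a minimum version in an
// npm lockfile tree, with the path showing where that copy sits in the tree.

// Compare two "x.y.z" versions numerically; prerelease/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Recursively walk the nested `dependencies` objects (lockfileVersion 1 layout).
function findOutdated(lock, name, minVersion, path = [lock.name || '<root>']) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    const here = path.concat(dep);
    const known = typeof info.version === 'string';
    if (dep === name && known && compareVersions(info.version, minVersion) < 0) {
      hits.push({ version: info.version, path: here.join(' > ') });
    }
    // A package entry can carry its own nested copies, so keep descending.
    hits.push(...findOutdated(info, name, minVersion, here));
  }
  return hits;
}

// Constructed sample lockfile, not the project's real one.
const sampleLock = {
  name: 'example-cli',
  dependencies: {
    minimist: { version: '1.2.5' },
    optimist: {
      version: '0.6.1',
      dependencies: { minimist: { version: '0.0.10' } },
    },
    mkdirp: {
      version: '0.5.1',
      dependencies: { minimist: { version: '0.0.8' } },
    },
  },
};

// The 1.2.2 threshold is the one stated in the pull request description.
for (const hit of findOutdated(sampleLock, 'minimist', '1.2.2')) {
  console.log(`minimist@${hit.version} at ${hit.path}`);
}
```

An empty result for the real lockfile means both changes described above (dropping optimist and upgrading mkdirp) removed the nested copies as well as the top-level one.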

@adunkman
Contributor Author

Looks like Travis had an error reporting the build status to GitHub — the build has completed successfully on Travis.

@thornjad for your review when, well, other priorities permit. Hope you’re healthy and holding up okay! ❤️

@thornjad thornjad self-requested a review April 13, 2020 14:53
@thornjad thornjad added this to the v0.12.2 milestone Apr 13, 2020
@thornjad thornjad added dependencies Pull requests that update a dependency file high priority Very important bug or security fix minor version non-breaking, non-trivial change staged labels Apr 27, 2020
@thornjad thornjad merged commit 943c609 into http-party:master Apr 27, 2020
Successfully merging this pull request may close these issues.

Replace optimist with minimist