New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update minimist to 1.2.3 or later #47
Comments
Please update the |
This should be solved by #46 |
Is this a real issue? I mean, it is a devDependency for this project, how is it that minimist ended being installed? is it a dependency of flatted or rimraf? |
Hello @royriojas Actually, the description of the issue is not 100% correct. As @jfoclpf mentioned, the dependency
Thanks for your lib 😊 |
To update |
@yumetodo - we will be removing nodejs 10 support in the upcoming weeks. |
Hello, just found this out, so wanted to open an issue.
minimist released a security statement to use version 1.2.3 or later due to a prototype pollution bug
minimist is not a top level dependency (It's not in
package.json
), but it is present inpackage-lock.json
(a word search reveals 21 occurrences)This means projects with flat-cache as dependency and a build process that includes checking vulnerability (through
$ npm audit
) might have a fail build because of it. I was wondering if you can please take a look, thanks!The text was updated successfully, but these errors were encountered: