Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minimist vulnerability CVE-2021-44906 #266

Closed
1 of 3 tasks
anirudhb-sf opened this issue Mar 21, 2022 · 2 comments · Fixed by #267
Closed
1 of 3 tasks

Minimist vulnerability CVE-2021-44906 #266

anirudhb-sf opened this issue Mar 21, 2022 · 2 comments · Fixed by #267
Assignees
@jordanbtucker
Labels
enhancement 👍

Comments

@anirudhb-sf
Copy link

I'm submitting a ...

  • bug report
  • feature request
  • support request or question => Please do not submit support request or questions here, see note at the top of this template.

What is the current behavior?

minimist: v1.2.5 brings in a security vulnerability which is currently has no fix. The following dependency chain makes json5 a vulnerable package: json5@1.0.1 › minimist@1.2.5.

What is the expected behavior?

Request for a security fix to make config package free from security vulnerabilities.
@jordanbtucker jordanbtucker mentioned this issue Mar 21, 2022
Merged
@jordanbtucker
Copy link
Member

Thanks for reporting this. This is fixed in v2.2.1.

@jordanbtucker jordanbtucker self-assigned this Mar 21, 2022
@anirudhb-sf
Copy link
Author

Thanks for the prompt fix!

@anirudhb-sf anirudhb-sf mentioned this issue Mar 22, 2022
Closed
3 tasks
This was referenced Mar 22, 2022
Merged
Merged
Merged
Merged
@SukkaW SukkaW mentioned this issue Nov 8, 2022
Merged
This was referenced Feb 17, 2023
Open
Open
@sync-by-unito sync-by-unito bot mentioned this issue Jan 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jordanbtucker jordanbtucker

Labels
enhancement 👍
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: remove minimist jordanbtucker/json5
2 participants
@jordanbtucker @anirudhb-sf