Minimist vulnerability CVE-2021-44906 #674
Comments
I don't see how This looks like "not-a-bug" to me, but I'll welcome a patch to bump the version of the
I confirm that there is not an issue anymore. However, an older package may be cached, and that's why you can see this issue. To fix this, remove the node_modules folder, remove the package-lock.json file and run the npm i command again.
I've also confirmed what @iblessedi said. Once I removed my node_modules, package-lock.json, and re-ran npm install/yarn install, it fixed the issue.
I have pushed a commit to bump the version of json5 we require, to force upgrades to json5. I'm not putting out a new release today though since we aren't vulnerable, but I will if someone else has a problem with a related warning.
I'm submitting a ...
What is the current behavior?
minimist:v1.2.5 brings in a security vulnerability which currently has no fix. The following dependency chain makes node-config a vulnerable package: config@3.2.4 › json5@1.0.1 › minimist@1.2.5.
What is the expected behavior?
Request for a security fix to make config package free from security vulnerabilities.
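The dependency chain quoted in the issue can be checked against a project's own lockfile. The following is an added example, not code from node-config or from anyone in the thread: it assumes an npm `package-lock.json` with a `packages` map (lockfileVersion 2 or 3), and `resolve`, `findChains` and the sample lockfile are constructed for illustration.

```javascript
// Resolve `name` the way Node does from the package installed at `fromPath`:
// try fromPath/node_modules/name, then each enclosing node_modules level.
function resolve(packages, fromPath, name) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed, e.g. a skipped optional dependency
    const cut = base.lastIndexOf('/node_modules/');
    base = cut === -1 ? '' : base.slice(0, cut);
  }
}

// Breadth-first walk from the root project. Returns the shortest chain to each
// installed copy matching `target`, formatted like the chain in the issue.
function findChains(lock, target) {
  const packages = lock.packages || {};
  if (!packages['']) return [];
  const parent = new Map([['', null]]); // install path -> path that required it
  const queue = [''];
  while (queue.length) {
    const path = queue.shift();
    const pkg = packages[path];
    const deps = Object.assign({}, pkg.dependencies, pkg.optionalDependencies,
      path === '' ? pkg.devDependencies : null);
    for (const name of Object.keys(deps)) {
      const depPath = resolve(packages, path, name);
      if (depPath && !parent.has(depPath)) { parent.set(depPath, path); queue.push(depPath); }
    }
  }
  const label = (p) => p.slice(p.lastIndexOf('node_modules/') + 13) + '@' + packages[p].version;
  const chains = [];
  for (const path of parent.keys()) {
    if (path === '' || label(path) !== target) continue;
    const chain = [];
    for (let p = path; p !== ''; p = parent.get(p)) chain.unshift(label(p));
    chains.push(chain.join(' › '));
  }
  return chains;
}

// Constructed sample lockfile mirroring the chain reported in the issue;
// the semver ranges are illustrative.
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app', version: '1.0.0', dependencies: { config: '^3.2.4' } },
  'node_modules/config': { version: '3.2.4', dependencies: { json5: '^1.0.1' } },
  'node_modules/json5': { version: '1.0.1', dependencies: { minimist: '^1.2.0' } },
  'node_modules/minimist': { version: '1.2.5' },
} };
console.log(findChains(sampleLock, 'minimist@1.2.5'));
```

To check a real project, pass the parsed contents of its `package-lock.json` as `lock`; an empty result after removing `node_modules` and the lockfile and reinstalling means that version is no longer pinned.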