Dependabot warns me about a moderate security problem in my project, because I use a third-party module with native code, which uses node-pre-gyp, which uses mkdirp, which uses minimist 0.0.8.
Please update to minimist 1.2.3, even if that means changing callers due to API changes. Even if the warning is spurious: just the fact that all developers see this warning and need to investigate it costs a lot of work time for everybody.
Here's what Dependabot says:
Remediation
Upgrade minimist to version 1.2.3 or later. For example:
minimist@^1.2.3:
  version "1.2.3"
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2020-7598
moderate severity
Vulnerable versions: >= 1.0.0, < 1.2.3
Patched version: 1.2.3
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
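The mechanism behind the advisory quoted above, as an added example that is not part of the original issue and is not minimist's code: a toy dotted-key setter in a naive form beside a hardened one, run against constructed keys. The names `setKeyNaive`, `setKeySafe`, `pollutes` and `demoFlag` are hypothetical.

```javascript
// Added illustration only: a toy dotted-key setter in the style of an argv
// parser. This is NOT minimist's source; all names here are hypothetical.

// Naive form: walks "a.b.c" and creates intermediate objects as needed.
function setKeyNaive(target, dottedKey, value) {
  const parts = dottedKey.split('.');
  let obj = target;
  for (const part of parts.slice(0, -1)) {
    if (obj[part] === undefined) obj[part] = {};
    obj = obj[part]; // "__proto__" / "constructor" resolve to inherited objects
  }
  obj[parts[parts.length - 1]] = value;
}

// Hardened form: reject keys that name prototype machinery, and only descend
// into own, object-valued properties of the target.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);
function setKeySafe(target, dottedKey, value) {
  const parts = dottedKey.split('.');
  if (parts.some((p) => BLOCKED.has(p))) return false;
  let obj = target;
  for (const part of parts.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(obj, part);
    if (!own || typeof obj[part] !== 'object' || obj[part] === null) {
      obj[part] = {};
    }
    obj = obj[part];
  }
  obj[parts[parts.length - 1]] = value;
  return true;
}

// Check: after the setter runs on a fresh object, does an unrelated new
// object inherit the marker property? Cleans up Object.prototype afterwards.
function pollutes(setter, dottedKey) {
  const marker = dottedKey.split('.').pop();
  setter({}, dottedKey, true);
  const leaked = ({})[marker] === true;
  delete Object.prototype[marker];
  return leaked;
}

// Constructed sample keys: two prototype-reaching paths and one ordinary path.
const SAMPLE_KEYS = ['__proto__.demoFlag', 'constructor.prototype.demoFlag', 'a.b.demoFlag'];
for (const key of SAMPLE_KEYS) {
  console.log(key, { naive: pollutes(setKeyNaive, key), safe: pollutes(setKeySafe, key) });
}
```

The `pollutes` check also works as a regression test after upgrading a parser: feed it the parser's own entry point wrapped as a setter and assert that it returns `false`.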