aws/aws-iot-device-sdk-js

Bump minimist to 1.2.6

Describe the bug

The SDK depends on a vulnerable version of minimist (v1.2.5) which is affected by CVE-2021-44906. Could you please update & publish a new version of the SDK with minimist updated to v1.2.6?

As of now, projects that depend on the SDK will have the dependency flagged as vulnerable and this, in some cases, can block deployment pipelines.

SDK version number: latest
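For projects that consume the SDK, the check below is an added example (not part of the original issue and not code from the SDK project): it walks an npm lockfile and reports every installed copy of minimist older than the 1.2.6 release requested above, with the path that pulls it in. The lockfile content, the `demo-app` name and the function names are constructed for illustration; the comparison uses only the 1.2.6 threshold named in the issue.

```javascript
const FIXED = [1, 2, 6]; // threshold taken from the issue text

// True when a plain x.y.z version string sorts before FIXED.
function isOlder(version) {
  const parts = version.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (parts[i] || 0) - FIXED[i];
    if (d !== 0) return d < 0;
  }
  return false;
}

// Lockfile v2/v3: flat "packages" map keyed by node_modules path.
function scanPackages(packages) {
  return Object.entries(packages)
    .filter(([path, meta]) => /(^|\/)node_modules\/minimist$/.test(path)
      && meta.version && isOlder(meta.version))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Lockfile v1: nested "dependencies" tree, walked recursively.
function scanDependencies(deps, prefix = '') {
  const found = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === 'minimist' && meta.version && isOlder(meta.version)) {
      found.push({ path, version: meta.version });
    }
    found.push(...scanDependencies(meta.dependencies, `${path}/`));
  }
  return found;
}

function findOldMinimist(lock) {
  return lock.packages ? scanPackages(lock.packages) : scanDependencies(lock.dependencies);
}

// Constructed sample lockfile (not the SDK's real dependency tree).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/aws-iot-device-sdk': { version: '0.0.0-constructed' },
    'node_modules/aws-iot-device-sdk/node_modules/minimist': { version: '1.2.5' },
    'node_modules/minimist': { version: '1.2.6' },
  },
};

console.log(findOldMinimist(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `findOldMinimist` instead of `sampleLock`.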

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.