npm audit warning from minimist dependency

Question

npm audit warning from minimist dependency

MartinHignett opened this issue 5 years ago · 0 comments

We have an npm audit warning when including this library in our dev dependencies:

│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ license-checker                                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ license-checker > mkdirp > minimist                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘

It looks like we need to update the mkdirp dependency to 0.5.3 or later.