bump minimist dependency version for npm audit
jay-meister opened this issue · 0 comments
jay-meister commented
Running npm audit --production shows an error:
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Moderate │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=1.2.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ puppeteer-pdf │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ puppeteer-pdf > puppeteer > extract-zip > mkdirp > minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/1179 │
└───────────────┴──────────────────────────────────────────────────────────────┘
1 vulnerability requires manual review. See the full report for details.
It looks like bumping version to ^1.2.3 would do the trick: https://www.npmjs.com/advisories/1179/versions
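A check for whether a bump actually removed every old copy of minimist, as an added example that is not part of the original issue or the project's code: it walks the nested `dependencies` tree of a package-lock.json and lists each copy resolved below the `>=1.2.3` threshold from the audit output. The function names and the sample lock file are constructed for illustration, and the reported location is where the copy is installed in node_modules, which can differ from the dependency path that npm audit prints.

```javascript
'use strict';

// Compare two "major.minor.patch" strings numerically.
// Prerelease suffixes (anything after "-") are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Recursively walk the "dependencies" tree of a parsed package-lock.json and
// return every copy of `name` whose resolved version is below `patched`.
function findUnpatched(lock, name, patched, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    const here = trail.concat(dep);
    if (dep === name && compareVersions(info.version, patched) < 0) {
      hits.push({ location: here.join(' > '), version: info.version });
    }
    // A hoisted copy can be patched while a nested one is not, so keep descending.
    hits.push(...findUnpatched(info, name, patched, here));
  }
  return hits;
}

// Constructed sample lock file (not taken from the project's repository):
// the top-level minimist is patched, the copy nested under mkdirp is not.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    minimist: { version: '1.2.5' },
    mkdirp: {
      version: '0.5.1',
      requires: { minimist: '0.0.8' },
      dependencies: { minimist: { version: '0.0.8' } },
    },
    'extract-zip': { version: '1.6.7', requires: { mkdirp: '0.5.1' } },
  },
};

// Threshold taken from the "Patched in" row of the audit output above.
console.log(findUnpatched(sampleLock, 'minimist', '1.2.3'));
```

To run it against a real project, pass the parsed contents of its package-lock.json in place of `sampleLock`.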