[BUG] Vulnerability present in version of dot-prop used by npm

Closed this issue 4 years ago · 1 comments

cmdcarini commented 4 years ago

What / Why

The version of dot-prop used by npm has a security vulnerability. It must be updated to a version >= 5.1.1 to be resolved.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116

ljharb commented 4 years ago

Note that prototype pollution CVEs are almost exclusively a non-issue on 99% of projects, and I'm pretty sure npm is one of them.