Prototype Pollution in mv@2.1.1 and License issue in exeunt@1.1.0

Question

Prototype Pollution in mv@2.1.1 and License issue in exeunt@1.1.0

hetzbr opened this issue 4 years ago · 1 comments

There is a prototype pollution vulnerability in the latest version of Bunyan 2.0.2 introduced by bunyan@2.0.2 > mv@2.1.1 > mkdirp@0.5.1 > minimist@0.0.8

https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

In addition, there is a license issue introduced by bunyan@2.0.2 > exeunt@1.1.0

https://snyk.io/vuln/snyk:lic:npm:exeunt:MPL-2.0

Answer 1 · 2020-06-30T13:46:16.000Z

(The prototype pollution vulnerability also exists in bunyan v1, captured in #643)