Skip to content
This repository has been archived by the owner on Aug 9, 2022. It is now read-only.

Problem: (Fix #134) minimist dependency has vulnerability #135

Merged
merged 1 commit into from
May 7, 2020
Merged

Problem: (Fix #134) minimist dependency has vulnerability #135

merged 1 commit into from
May 7, 2020

Conversation

calvinlauyh
Copy link
Contributor

Solution: Update minimist to fix the vulnerability

yargs-parser still has vulnerability but it cannot be fixed until the transitive dependency updates.
Reference: webpack/webpack-dev-server#2559

@calvinlauyh
Problem: (Fix crypto-com#134) minimist dependency has vulnerability
bae1bb9 
Solution: Update minimist to fix the vulnerability
@tomtau tomtau merged commit 8da21e7 into crypto-com:master May 7, 2020
@nidhigupta09
Copy link

I'm also facing this problem ..can u help how to fix it
=== npm audit security report ===

                             Manual Review
         Some vulnerabilities require your attention to resolve

      Visit https://go.npm.me/audit-guide for additional guidance

Low Prototype Pollution

Package yargs-parser

Patched in >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2

Dependency of react-scripts

Path react-scripts > webpack-dev-server > yargs > yargs-parser

More info https://npmjs.com/advisories/1500

found 1 low severity vulnerability in 1606 scanned packages
1 vulnerability requires manual review. See the full report for details.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@landanhu landanhu Awaiting requested review from landanhu landanhu is a code owner

@devashishdxt devashishdxt Awaiting requested review from devashishdxt devashishdxt is a code owner

@tomtau tomtau Awaiting requested review from tomtau

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@calvinlauyh @nidhigupta09 @tomtau