From 4cf1354839cb972e38496d35e12f806eea92c11f Mon Sep 17 00:00:00 2001 From: substack Date: Wed, 11 Mar 2020 09:24:47 -1000 Subject: [PATCH] security notice --- readme.markdown | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/readme.markdown b/readme.markdown index c58e258..5fd97ab 100644 --- a/readme.markdown +++ b/readme.markdown @@ -29,6 +29,13 @@ $ node example/parse.js -x 3 -y 4 -n5 -abc --beep=boop foo bar baz beep: 'boop' } ``` +# security + +Previous versions had a prototype pollution bug that could cause privilege +escalation in some circumstances when handling untrusted user input. + +Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 + # methods ``` js