You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, a vulnerability CVE-2020-7598 is introduced in hads@3.0.0 via:
● hads@3.0.0 ➔ optimist@0.6.1 ➔ minimist@0.0.10
However, optimist is a legacy package, which has not been maintained for about 8 years.
Is it possible to migrate optimist to other package to remediate this vulnerability?
I noticed several migration records in other js repo for optimist:
in handlebars, version 4.7.3-->4.7.4, migrate optimist to yargs via commit
in db-migrate, version 1.0.0-beta.2-->1.0.0-beta.3, migrate optimist to yargs via commit
in http-server, version 0.12.1-->0.12.2, deprecated optimist and directly use minimist via commit
Thanks.
The text was updated successfully, but these errors were encountered:
You're completely right, in most of my other projects I use minimist directly so I've failed to notice. I would be fine with migrating to either minimist or yargs, both are solid choices.
Hi, a vulnerability CVE-2020-7598 is introduced in hads@3.0.0 via:
● hads@3.0.0 ➔ optimist@0.6.1 ➔ minimist@0.0.10
However, optimist is a legacy package, which has not been maintained for about 8 years.
Is it possible to migrate optimist to other package to remediate this vulnerability?
I noticed several migration records in other js repo for optimist:
Thanks.
The text was updated successfully, but these errors were encountered: