[SG-37087] NPM dependency upgrades: Prototype Pollution in minimist (!38883) · Merge requests · Administrator / sourcegraph

Administrator requested to merge contractors/SG-37087 into main Jul 15, 2022

Created by: gitstart-sourcegraph

The latest possible version that can be installed is 0.0.8 because of the following conflicting dependency: [email protected] requires [email protected] via a transitive dependency on [email protected]

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95)

Checked dependancy:

puppeteer-firefox@^0.5.1==>extract-zip@^1.6.6==>[email protected]==>[email protected]

App preview: