Skip to content

[SG-37087] NPM dependency upgrades: Prototype Pollution in minimist

Warren Gifford requested to merge contractors/SG-37087 into main

Created by: gitstart-sourcegraph

Descriptions

The latest possible version that can be installed is 0.0.8 because of the following conflicting dependency: [email protected] requires [email protected] via a transitive dependency on [email protected]

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95)

Checked dependancy:

Refs

Sourcegraph Issue GitStart Issue

Test plan

  • Make sure all CI checks passed

App preview:

Check out the client app preview documentation to learn more.

Merge request reports

Loading