You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ minimist before 1.2.2 could be tricked into adding or │ │ │ modifying properties of Object.prototype using a │ │ │ "constructor" or "__proto__" payload. │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ minimist │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ 0.2.1||1.2.2 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ rxjs-tslint [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ rxjs-tslint > optimist > minimist │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-75… │ └───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐ │ High │ minimist before 1.2.2 could be tricked into adding or │ │ │ modifying properties of Object.prototype using a │ │ │ "constructor" or "__proto__" payload. │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Package │ minimist │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Patched in │ 0.2.1||1.2.2 │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Dependency of │ rxjs-tslint [dev] │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ Path │ rxjs-tslint > optimist > minimist │ ├───────────────┼──────────────────────────────────────────────────────────────┤ │ More info │ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-75… │ └───────────────┴──────────────────────────────────────────────────────────────┘
optimist depends on minimist, which has this security issue. optimist is no longer maintained and owner wont patch.
Suggest replacing optimist with yargs.
Solution provided here.
The text was updated successfully, but these errors were encountered: