Package dependencies contain a vulnerability in minimist #787

IdanAdar · 2020-03-28T18:46:51Z

npm audit reveals the following:

Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ f39e5236885eb877c2528af825334df989f77901eab451dc3bf30ee73c6… │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ f39e5236885eb877c2528af825334df989f77901eab451dc3bf30ee73c6… │
│               │ >                                                            │
│               │ 119f77919637ddefbe3fb7c1f9e4251d45c468c0db7478b53eccb7ef05b… │
│               │ > @opencensus/nodejs > @opencensus/instrumentation-all >     │
│               │ @opencensus/instrumentation-grpc > grpc > node-pre-gyp >     │
│               │ mkdirp > minimist                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ minimist                                                     │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=0.2.1 <1.0.0 || >=1.2.3                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ f39e5236885eb877c2528af825334df989f77901eab451dc3bf30ee73c6… │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ f39e5236885eb877c2528af825334df989f77901eab451dc3bf30ee73c6… │
│               │ >                                                            │
│               │ 119f77919637ddefbe3fb7c1f9e4251d45c468c0db7478b53eccb7ef05b… │
│               │ > @opencensus/nodejs > @opencensus/instrumentation-all >     │
│               │ @opencensus/instrumentation-grpc > grpc > node-pre-gyp > tar │
│               │ > mkdirp > minimist                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1179

The text was updated successfully, but these errors were encountered:

mayurkale22 · 2020-03-29T06:55:56Z

Thanks for reporting this. Please review #788

IdanAdar added the bug label Mar 28, 2020

mayurkale22 mentioned this issue Mar 29, 2020

npm audit fix #788

Merged

mayurkale22 closed this as completed in #788 Mar 30, 2020

IdanAdar mentioned this issue Apr 3, 2020

Depends on vulnerable package: minimist v0.0.8 and v1.2.0 #790

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package dependencies contain a vulnerability in minimist #787

Package dependencies contain a vulnerability in minimist #787

IdanAdar commented Mar 28, 2020 •

edited

mayurkale22 commented Mar 29, 2020

Package dependencies contain a vulnerability in minimist #787

Package dependencies contain a vulnerability in minimist #787

Comments

IdanAdar commented Mar 28, 2020 • edited

mayurkale22 commented Mar 29, 2020

IdanAdar commented Mar 28, 2020 •

edited