Minimist vulnerability CVE-2021-44906 #266

anirudhb-sf · 2022-03-21T14:50:36Z

I'm submitting a ...

bug report
feature request
support request or question => Please do not submit support request or questions here, see note at the top of this template.

What is the current behavior?

minimist: v1.2.5 brings in a security vulnerability which is currently has no fix. The following dependency chain makes json5 a vulnerable package: json5@1.0.1 › minimist@1.2.5.

What is the expected behavior?

Request for a security fix to make config package free from security vulnerabilities.

The text was updated successfully, but these errors were encountered:

jordanbtucker · 2022-03-21T16:34:12Z

Thanks for reporting this. This is fixed in v2.2.1.

anirudhb-sf · 2022-03-22T04:06:05Z

Thanks for the prompt fix!

jordanbtucker mentioned this issue Mar 21, 2022

fix: remove minimist #267

Merged

jordanbtucker closed this as completed in #267 Mar 21, 2022

jordanbtucker self-assigned this Mar 21, 2022

jordanbtucker added the enhancement 👍 label Mar 21, 2022

anirudhb-sf mentioned this issue Mar 22, 2022

Minimist vulnerability CVE-2021-44906 node-config/node-config#674

Closed

3 tasks

SukkaW mentioned this issue Nov 8, 2022

Bump dependencies for security johanholmerin/style9#77

Merged

This was referenced Feb 17, 2023

Bump json5 from 1.0.1 to 1.0.2 vlafranca/ngxAutocomPlace#45

Open

Bump json5 and @angular-devkit/build-angular vlafranca/ngxAutocomPlace#44

Open

Minimist vulnerability CVE-2021-44906 #266

Minimist vulnerability CVE-2021-44906 #266

anirudhb-sf commented Mar 21, 2022

jordanbtucker commented Mar 21, 2022

anirudhb-sf commented Mar 22, 2022

Minimist vulnerability CVE-2021-44906 #266

Minimist vulnerability CVE-2021-44906 #266

Comments

anirudhb-sf commented Mar 21, 2022

I'm submitting a ...

What is the current behavior?

What is the expected behavior?

jordanbtucker commented Mar 21, 2022

anirudhb-sf commented Mar 22, 2022