We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
minimist
Somewhere through the current dependency tree, minimist@0.0.8 gets used.
my recent project package-lock.json shows parcel-bundler@1.12.4 --> @parcel/watcher@1.12.1 --> chokidar@2.1.8 --> fsevents@1.2.11 --> minimist@0.0.8
parcel-bundler is at latest. @parcel/watcher is in 2.0 alpha now? How can I force the update to my dependencies?
Minimist README says this:
Previous versions had a prototype pollution bug that could cause privilege escalation in some circumstances when handling untrusted user input. Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Previous versions had a prototype pollution bug that could cause privilege escalation in some circumstances when handling untrusted user input.
Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
I think upgrade to chokidar@3 will fix this. I THINK it's already fixed in 2.0 alpha. Should I report on parcel-bundler instead?
The text was updated successfully, but these errors were encountered:
Closing because I see that the effort to release parcel 2 with parcel watcher 2.
If there's any help in the mean time though that's cool!
Sorry, something went wrong.
No branches or pull requests
Somewhere through the current dependency tree, minimist@0.0.8 gets used.
my recent project package-lock.json shows
parcel-bundler@1.12.4 --> @parcel/watcher@1.12.1 --> chokidar@2.1.8 --> fsevents@1.2.11 --> minimist@0.0.8
parcel-bundler is at latest. @parcel/watcher is in 2.0 alpha now? How can I force the update to my dependencies?
Minimist README says this:
I think upgrade to chokidar@3 will fix this. I THINK it's already fixed in 2.0 alpha. Should I report on parcel-bundler instead?
The text was updated successfully, but these errors were encountered: