-
Notifications
You must be signed in to change notification settings - Fork 12k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prototype Pollution in minimist | @angular-devkit/schematics-cli v13.3.0 #22872
Comments
Temporary workaround => add this to // ...
"pnpm": {
"overrides": {
"minimist@<=1.2.5": "1.2.6"
}
} So at least this unblocks my CI |
It appears that 1.2.6 is still vulnerable https://snyk.io/test/npm/minimist/1.2.6 That said, it is important to point out that we don't expect the CLI to run in production environments where this vulnerability can be exploited. |
Filed with them: https://github.com/substack/minimist/issues/168 Agreed that this isn't a must-fix-right-away issue because its in a CLI, my main concern over on my project is that someone runs |
Closed via #22873 |
This issue has been automatically locked due to inactivity. Read more about our automatic conversation locking policy. This action has been performed automatically by a bot. |
nestjs/nest-cli#1579
Blocking CI/CD in company project using
@nestjs/cli
Prototype Pollution in minimist
The text was updated successfully, but these errors were encountered: