From b5d9eac992f0b0c310ecc49f6ea91cb861ee7afd Mon Sep 17 00:00:00 2001 From: gopijaganthan <42249619+gopijaganthan@users.noreply.github.com> Date: Tue, 22 Mar 2022 19:49:57 +0100 Subject: [PATCH] Fixing pollution vulnerability in minimist (#197) * Fixing pollution vulnerability in minimist fixing prototype Pollution vulnerability in minimist updating minimist version to 1.2.6 ref: https://www.npmjs.com/advisories/1067259 * updating yarn lock file Co-authored-by: g.jaganathan --- package.json | 2 +- yarn.lock | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index 0004294..517b43b 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "dependencies": { "@types/json5": "^0.0.29", "json5": "^1.0.1", - "minimist": "^1.2.0", + "minimist": "^1.2.6", "strip-bom": "^3.0.0" }, "scripts": { diff --git a/yarn.lock b/yarn.lock index 25bf34e..e36172c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2333,6 +2333,11 @@ minimist@^1.2.5: resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602" integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw== +minimist@^1.2.6: + version "1.2.6" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44" + integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q== + mkdirp@^0.5.1: version "0.5.1" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903"