Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

the minimist v1.2.5 package has critical dependency issue. This needs to be updated to 1.2.6 #467

Closed
michael-roewin opened this issue May 18, 2022 · 6 comments
Closed

the minimist v1.2.5 package has critical dependency issue. This needs to be updated to 1.2.6 #467

michael-roewin opened this issue May 18, 2022 · 6 comments
Labels
build issue An issue related to build process

Comments

@michael-roewin
Copy link

Findings

  • When doing npm audit, a critical vulnerability issue that's related to the cordova diagnostic plugin appears.

Screenshots

image
@dvag-lukas-rybacki
Copy link

@michael-roewin already fixed in #464

@michael-roewin
Copy link
Author

michael-roewin commented Jun 30, 2022
edited
Loading

thanks so much @dvag-lukas-rybacki . Are you going to create a new tag for this fix?

@dvag-lukas-rybacki
Copy link

@michael-roewin i am also waiting for a new release @dpa99c

@peitschie
Copy link

As an interim fix, you can install the dependency directly from github instead (there appears to be no compile steps needed here):

npm install --save https://github.com/dpa99c/cordova-diagnostic-plugin.git

But definitely looking forward to a new release 😸

@dvag-lukas-rybacki
Copy link

Thats true @peitschie . Thanks for the alternative idea and also looking forward to new release though 😄

@dpa99c dpa99c added ready for release On master branch but not published as npm release build issue An issue related to build process and removed ready for release On master branch but not published as npm release labels Jul 26, 2022
@dpa99c
Copy link
Owner

dpa99c commented Jul 29, 2022

This has been fixed in the major version [email protected] which has just been released to npm.
Please re-test with this new version and feedback any issues.

@dpa99c dpa99c closed this as completed Jul 29, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
build issue An issue related to build process
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@peitschie @dpa99c @michael-roewin @dvag-lukas-rybacki