fix(deps): force minimist >=1.2.6 for CVE-2021-44906 #1943
Assignees
Labels
dependencies
Pull requests that update a dependency file
P1
Priority 1: Highest
Security
Related to existing or potential security vulnerabilities
Comments
petermetz
added
dependencies
petermetz
added a commit
to petermetz/cacti
that referenced
this issue
Mar 23, 2022
Ensures that yarn will only install 1.2.6 or newer versions for minimist. The proper fix would be to have the dependencies issue releases which upgrade their own (transitive) dependencies of minimist so that we don't have to explicitly force it here, but at the time of this writing these upgrades in our direct dependencies are just not available yet. Fixes hyperledger-cacti#1943 Signed-off-by: Peter Somogyvari <[email protected]>
takeutak
pushed a commit
that referenced
this issue
Mar 23, 2022
Ensures that yarn will only install 1.2.6 or newer versions for minimist. The proper fix would be to have the dependencies issue releases which upgrade their own (transitive) dependencies of minimist so that we don't have to explicitly force it here, but at the time of this writing these upgrades in our direct dependencies are just not available yet. Fixes #1943 Signed-off-by: Peter Somogyvari <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906
https://github.com/substack/minimist/commit/ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2
Please use version 1.2.6 or later:
The text was updated successfully, but these errors were encountered: