agnoster / base32-js

Base32 encoding for JavaScript, based (loosely) on Crockford's Base32
https://github.com/agnoster/base32-js
MIT License
121 stars 61 forks source link

Update the optimist package to mitigate security vulnerability #27

Closed Jelle-vz closed 2 years ago

Jelle-vz commented 2 years ago

Could you please update (or swap out because of deprecation notice) optimist?

Id Module Title Path Sev. Url
1067342 minimist Prototype Pollution in minimist optimist>minimist critical https://github.com/advisories/GHSA-xvch-5gv4-984h
1070255 minimist Prototype Pollution in minimist optimist>minimist moderate https://github.com/advisories/GHSA-vh95-rmgr-6w4m
agnoster commented 2 years ago

Just pushed a new update replacing optimist with minimist^0.2.6, hopefully that should resolve the issue.

Didn't know anyone was using this package still! 🤣

Jelle-vz commented 2 years ago

Haha, nice! Thanks a lot!

Jelle-vz commented 2 years ago

Haha, nice! Thanks a lot!

On Tue, Sep 27, 2022 at 4:35 AM Isaac Wolkerstorfer < @.***> wrote:

Just pushed a new update replacing optimist with minimist^0.2.6, hopefully that should resolve the issue.

Didn't know anyone was using this package still! 🤣

— Reply to this email directly, view it on GitHub https://github.com/agnoster/base32-js/issues/27#issuecomment-1258887039, or unsubscribe https://github.com/notifications/unsubscribe-auth/AENQHJI3BT2KHPJGQK5IAZDWAJMNRANCNFSM6AAAAAAQMNVFWI . You are receiving this because you authored the thread.Message ID: @.***>