critical dependency update: async and minimist

claudiajs / claudia

Deploy Node.js projects to AWS Lambda and API Gateway easily

https://claudiajs.com

MIT License

3.8k stars 274 forks source link

critical dependency update: async and minimist #235

Open HayesData opened 2 years ago

HayesData commented 2 years ago

updated async and minimist dependencies, previous versions had serious vulnerabilities

itspoma commented 2 years ago

Voting +1 to merge this PR.

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/claudia/node_modules/minimist

itspoma commented 2 years ago

Hey @gojko could you please take a look at this PR? It helps to solve 1 critical vuln on dependencies. Cheers.