search

coreybutler / node-windows

Windows support for Node.JS scripts (daemons, eventlog, UAC, etc).
Other
2.81k stars 356 forks source link

Vulnerability in Minimist #273

Closed shawnemhe closed 2 years ago

shawnemhe commented 4 years ago

Npm audit is finding a vulnerability in the minimist package. This is coming through as a dependency of optimist. That package currently has a deprecation notice and is not likely to be updated. The package owner recommends using minimist directly, or nomnom.

Are there any efforts planned that would remediate this vulnerability?

DevRCRun commented 4 years ago

Snyk is flagging this for us too. There are some pull requests open to resolve, might be an idea to vote on the one you agree with

https://github.com/coreybutler/node-windows/pull/267 https://github.com/coreybutler/node-windows/pull/263

shawnemhe commented 4 years ago

@DevRCRun, I'll take a look at the PRs.

coreybutler commented 3 years ago

267 is the one I will merge once it has been tested.

seidhkona commented 3 years ago

Any plans on merging this anytime soon? Thanks!

coreybutler commented 2 years ago

Resolved with PR #267.