Hi, a vulnerability CVE-2020-7598 is introduced in node-windows@1.0.0-beta.5 via:
node-windows@1.0.0-beta.5 ➔ optimist@0.6.1 ➔ minimist@0.0.10.
However, optimist is a legacy package, which has not been maintained for about 8 years.
Is it possible to migrate optimist to other package to remediate this vulnerability?
I noticed several migration records in other js repo for optimist:
in handlebars, version 4.7.3-->4.7.4, migrate optimist to yargs via commit
in db-migrate, version 1.0.0-beta.2-->1.0.0-beta.3, migrate optimist to yargs via commit
in http-server, version 0.12.1-->0.12.2, deprecated optimist and directly use minimist via commit
Hi, a vulnerability CVE-2020-7598 is introduced in node-windows@1.0.0-beta.5 via:
node-windows@1.0.0-beta.5 ➔ optimist@0.6.1 ➔ minimist@0.0.10
.However, optimist is a legacy package, which has not been maintained for about 8 years. Is it possible to migrate optimist to other package to remediate this vulnerability?
I noticed several migration records in other js repo for optimist:
Thanks.