search

engineerd / configurator

Cross-platform GitHub Action to download, extract, and add to path statically compiled tools
https://radu-matei.com/blog/github-action-cross-plat-configure-tools/
MIT License
27 stars 13 forks source link

Update vulnerable `minimist` dev dependency #6

Closed radu-matei closed 4 years ago

radu-matei commented 4 years ago

Note that this is a vulnerability of a dev dependency, so no vulnerable packages are part of the action when executed in production.

We should mitigate this nonetheless.

See CVE-2020-7598

image