fecgov / openFEC

The first RESTful API for the Federal Election Commission. We're aiming to make campaign finance more accessible for journalists, academics, developers, and other transparency seekers.
https://api.open.fec.gov/developers

[Snyk Med]Prototype Pollution introduced in minimist (Due 06/16/2020) #4308

Closed pkfec closed 4 years ago

pkfec commented 4 years ago

Description: Prototype Pollution

Info: https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

Introduced through: swagger-tools@0.10.4

Remediation: Upgrade minimist to version 0.2.1, 1.2.3 or higher.

Completion criteria:

pkfec commented 4 years ago

(api377) macadmins-mbp-5:openFEC pkasireddy$ snyk test minimist

Testing minimist...

Organization: fecgov
Package manager: npm
Open source: yes
Project path: minimist

✓ Tested minimist for known vulnerabilities, no vulnerable paths found.

pkfec commented 4 years ago

minimist pkg is not flagged as vulnerable on the develop branch anymore. minimist pkg version is 1.2.5 here: https://github.com/fecgov/openFEC/blob/develop/package-lock.json#L5958

No action needed. Closing this issue.
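
The check this thread performs by hand (which minimist versions the lockfile pins, and whether each is at or above the fixed releases) can be scripted. The following is an added example, not code from the openFEC repository or from Snyk; the function names, the sample lockfile and the reading of the remediation line as "vulnerable below 0.2.1, or 1.x below 1.2.3" are assumptions.

```javascript
// Added example: flag minimist versions in a package-lock.json that predate the fixes.
// Assumed vulnerable range (from the remediation text): <0.2.1, or 1.x below 1.2.3.
function parseVersion(v) {
  // Keep only the numeric major.minor.patch core; ignore pre-release/build tags.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

function isVulnerableMinimist(version) {
  const v = parseVersion(version);
  if (!v) return true; // unparseable (git URL, tag): report for manual review
  if (v[0] === 0) return lessThan(v, [0, 2, 1]);
  return v[0] === 1 && lessThan(v, [1, 2, 3]);
}

function findMinimist(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/minimist")) hits.push({ path, version: pkg.version });
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, pkg] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(" > ");
      if (name === "minimist") hits.push({ path, version: pkg.version });
      walk(pkg.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits.map(h => ({ ...h, vulnerable: isVulnerableMinimist(h.version) }));
}

// Constructed lockfile (v1 layout), not the project's real package-lock.json.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    minimist: { version: "1.2.5" },
    "swagger-tools": { version: "0.10.4", dependencies: { minimist: { version: "0.0.10" } } },
  },
};
console.log(findMinimist(sampleLock));
```

A lockfile can pin more than one copy of minimist, so a fixed top-level version does not by itself show that a nested copy under another package has also been updated.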