goatandsheep / rc

The non-configurable configuration loader for lazy people.
https://www.npmjs.com/package/run-con

CVE-2021-44906 due to dependency on `minimist-1.2.5` #18

Closed meem closed 2 years ago

meem commented 2 years ago

Our vulnerability tracking software has flagged that run-con-1.2.0 has CVE-2021-44906 because it depends on minimist-1.2.5.

Now that minimist-1.2.6 is available, suggest bumping to minimist-1.2.6 in package.json and publishing run-con-1.2.1.

github-actions[bot] commented 2 years ago

Hey, thank you for opening this issue! 🙂 To boost priority on this issue and support open source please tip the team at https://issuehunt.io/r/goatandsheep/rc/issues/18

goatandsheep commented 2 years ago

should be solved in version 1.2.11

meem commented 2 years ago

Thanks!