Please update mkdirp from 0.5.5 to 0.5.6

http-party / node-portfinder

A simple tool to find an open port or domain socket on the current machine

https://github.com/http-party/node-portfinder

Other

882 stars 95 forks source link

Please update mkdirp from 0.5.5 to 0.5.6 #125

Closed nemeseri closed 2 years ago

nemeseri commented 2 years ago

Mkdirp 0.5.5 uses minimist as a dependency and 1.2.5 has a vulnerability: Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

ChocolateLoverRaj commented 2 years ago

I think mkdirp should be updated to v1

eriktrom commented 2 years ago

closing see #131 and https://github.com/http-party/node-portfinder/pull/127