Closed nemeseri closed 2 years ago
Mkdirp 0.5.5 uses minimist as a dependency and 1.2.5 has a vulnerability: Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
I think mkdirp should be updated to v1
closing see #131 and https://github.com/http-party/node-portfinder/pull/127
Mkdirp 0.5.5 uses minimist as a dependency and 1.2.5 has a vulnerability: Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).