patch high vunerability on transitive development dependency - Githubissues

meszaros-lajos-gyorgy / minimist-lite

parse argument options

Other

15 stars 3 forks source link

patch high vunerability on transitive development dependency #17

Closed micalevisk closed 2 years ago

micalevisk commented 2 years ago

npm audit report

cached-path-relative  <1.1.0
Severity: high
Prototype Pollution in cached-path-relative - https://github.com/advisories/GHSA-wg6g-ppvx-927h
fix available via `npm audit fix`
node_modules/cached-path-relative

1 high severity vulnerability

minimist-lite@2.2.0 /tmp/minimist-lite
└─┬ covert@1.1.1
  └─┬ browserify@16.5.2
    ├── cached-path-relative@1.0.2
    └─┬ module-deps@6.2.3
      └── cached-path-relative@1.0.2 deduped

solution

npm audit fix

will touch the lock file.