nasa-jpl / stellar

A CSS implementation of the Stellar design system for spacecraft operation tools.
https://nasa-jpl.github.io/stellar/example/
MIT License

Audit reports critical severity in minimist <1.2.6 #7

Closed wbnns closed 1 year ago

wbnns commented 1 year ago

Steps to replicate:

1. Run npm install @nasa-jpl/stellar --save as instructed in the README
2. Run npm audit

Result:

# npm audit report

minimist  <1.2.6
Severity: critical
Prototype Pollution in minimist - https://github.com/advisories/GHSA-xvch-5gv4-984h
fix available via `npm audit fix`
node_modules/minimist

1 critical severity vulnerability

To address all issues, run:
  npm audit fix

Suggested fix -- run npm audit fix; looks like this will be a simple fix of just bumping the point release. Note npm will also make the updates in #6 if that hasn't been merged.
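
One way to confirm the bump after `npm audit fix`, as an added example that is not part of the original issue or the stellar repository: it scans a parsed `package-lock.json` for any minimist install below 1.2.6, the range named in the audit output. The sample lockfile and the package name `example-cli` are constructed.

```javascript
// Added example, not from the stellar repo. PATCHED comes from the audit
// output above ("minimist <1.2.6"); the lockfile contents are constructed.
const PATCHED = [1, 2, 6];

// True when `version` sorts below PATCHED. A prerelease of the patched
// version (e.g. 1.2.6-rc.1) counts as below it, as in semver ordering.
function isBelowPatched(version) {
  const [core, prerelease] = version.split('+')[0].split('-', 2);
  const parts = core.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const n = parts[i] || 0;
    if (n !== PATCHED[i]) return n < PATCHED[i];
  }
  return prerelease !== undefined;
}

// Returns [{ path, version }] for every minimist below PATCHED in a parsed
// package-lock.json: lockfileVersion 2/3 (`packages`, keyed by install path)
// or lockfileVersion 1 (nested `dependencies`).
function findVulnerableMinimist(lock) {
  const hits = [];
  const record = (path, meta) => {
    if (meta.version && isBelowPatched(meta.version)) hits.push({ path, version: meta.version });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith('node_modules/minimist')) record(path, meta);
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'minimist') record(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: one top-level copy and two nested copies of minimist.
const sampleLock = { lockfileVersion: 2, packages: {
  '': { name: 'demo-app' },
  'node_modules/minimist': { version: '1.2.5' },
  'node_modules/example-cli/node_modules/minimist': { version: '1.2.6' },
  'node_modules/example-tool/node_modules/minimist': { version: '0.0.10' },
} };
console.log(findVulnerableMinimist(sampleLock));
```

Nested copies matter here: a top-level bump can leave an older minimist pinned under another dependency's own `node_modules`, which is why the scan reports the install path for each hit.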

camargo commented 1 year ago

Will update all dependencies shortly