Closed wi-ry closed 3 years ago
Please merge this. The current version of minimist@1.2.0 is flagged security issue by Synk
✗ Prototype Pollution [https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in minimist@1.2.0 introduced by opencollective@1.0.3 > minimist@1.2.0 This issue was fixed in versions: 0.2.1, 1.2
This package will not receive further update, we suggest to switch to it's replacement, opencollective-postinstall instead, this one doesn't have any dependency.
You can also consider removing the postinstall
altogether, see: https://blog.opencollective.com/beyond-post-install/
Abandoning this PR based on @znarf's comments:
This package will not receive further update, we suggest to switch to it's replacement, opencollective-postinstall instead, this one doesn't have any dependency.
You can also consider removing the
postinstall
altogether, see: https://blog.opencollective.com/beyond-post-install/
See https://www.npmjs.com/advisories/1179