rails / webpacker

Use Webpack to manage app-like JavaScript modules in Rails
MIT License

Security Vulnerability in minimist@0.0.8 #3287

Closed nwarwick closed 2 years ago

nwarwick commented 2 years ago

Dependabot notified me about a critical security warning (9.8/10 in terms of severity) in minimist@0.0.8, which is required through the transitive dependency on mkdirp@0.5.1.

rafaelfranca commented 2 years ago

Can't you upgrade in your app? None of the webpacker dependencies force you to use that version of minimist.

rafaelfranca commented 2 years ago

Yeah. You definitely can. Nothing in webpacker prevents you from upgrading.
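
Added example (not part of the thread and not webpacker's code): a Node.js script that walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3, assumed here) and lists every dependency chain ending at `minimist@0.0.8`, so the app owner can see which of their own dependencies to upgrade. The lockfile is constructed; `example-app`, `some-build-tool`, `other-tool` and the version `9.0.0` are hypothetical.

```javascript
// Added example: list dependency chains that end at name@version in an npm
// lockfile ("packages" map, lockfileVersion 2/3). SAMPLE_LOCK is constructed;
// example-app, some-build-tool, other-tool and version 9.0.0 are hypothetical.
const SAMPLE_LOCK = { packages: {
  "": { name: "example-app", dependencies: { "some-build-tool": "^1.0.0", "other-tool": "^2.0.0" } },
  "node_modules/some-build-tool": { version: "1.0.0", dependencies: { mkdirp: "^0.5.1" } },
  "node_modules/mkdirp": { version: "0.5.1", dependencies: { minimist: "0.0.8" } },
  "node_modules/minimist": { version: "0.0.8" },
  "node_modules/other-tool": { version: "2.0.0", dependencies: { minimist: "^9.0.0" } },
  "node_modules/other-tool/node_modules/minimist": { version: "9.0.0" },
} };

const NM = "node_modules/";
const nameOf = (path) => path.slice(path.lastIndexOf(NM) + NM.length);

// Node-style resolution: look in the requiring package's own node_modules,
// then in each enclosing package's, ending at the project root.
function resolve(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + "/" : "") + NM + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null;
    const i = dir.lastIndexOf("/" + NM);
    dir = i === -1 ? "" : dir.slice(0, i);
  }
}

// Install paths whose declared dependency resolves to exactly targetPath.
function dependentsOf(packages, targetPath) {
  const name = nameOf(targetPath);
  return Object.entries(packages).filter(([path, meta]) => {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies,
                   ...(path === "" ? meta.devDependencies : {}) };
    return name in deps && resolve(packages, path, name) === targetPath;
  }).map(([path]) => path);
}

function chainsTo(lock, name, version) {
  const pk = lock.packages, chains = [];
  const label = (p) => (p === "" ? pk[""].name : `${nameOf(p)}@${pk[p].version}`);
  const walk = (path, trail, seen) => {
    const next = [label(path), ...trail];
    if (path === "") { chains.push(next.join(" > ")); return; }
    for (const parent of dependentsOf(pk, path))
      if (!seen.has(parent)) walk(parent, next, new Set(seen).add(parent));
  };
  for (const [path, meta] of Object.entries(pk))
    if (path.endsWith(NM + name) && meta.version === version) walk(path, [], new Set([path]));
  return chains;
}
console.log(chainsTo(SAMPLE_LOCK, "minimist", "0.0.8").join("\n"));
```

To run it against a real project, replace `SAMPLE_LOCK` with the parsed contents of the app's own `package-lock.json`.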