sinedied / hads

:books: Markdown superpowered documentation for Node.js
MIT License

vulnerability CVE-2020-7598 is introduced by package minimist #65

Closed ayaka-kms closed 2 years ago

ayaka-kms commented 2 years ago

Hi, a vulnerability CVE-2020-7598 is introduced in hads@3.0.0 via:

- hads@3.0.0 ➔ optimist@0.6.1 ➔ minimist@0.0.10

However, optimist is a legacy package, which has not been maintained for about 8 years. Is it possible to migrate from optimist to another package to remediate this vulnerability?

I noticed several migration records in other JS repos for optimist:

  1. in handlebars, version 4.7.3-->4.7.4, migrate optimist to yargs via commit
  2. in db-migrate, version 1.0.0-beta.2-->1.0.0-beta.3, migrate optimist to yargs via commit
  3. in http-server, version 0.12.1-->0.12.2, deprecated optimist and directly use minimist via commit

Thanks.
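As an added example (not code from the hads project or from either commenter), here is a small Node.js script that confirms a report like the one above by listing every dependency path in a lockfileVersion 1 package-lock.json that resolves to a named package, following npm's nearest-ancestor lookup rather than plain string matching. The lockfile object, the root dependency list and the second `other-cli` package are constructed for this example; they mirror the hads ➔ optimist ➔ minimist chain reported in the issue and add a hoisted copy of minimist so that the two resolutions can be told apart.

```javascript
// Constructed lockfile fragment (lockfileVersion 1 layout). Nested
// `dependencies` blocks hold copies that were not hoisted to the root.
const constructedLock = {
  name: 'hads',
  version: '3.0.0',
  lockfileVersion: 1,
  dependencies: {
    optimist: {
      version: '0.6.1',
      requires: { minimist: '~0.0.1', wordwrap: '~0.0.2' },
      // optimist's own nested minimist, shadowing the hoisted one below
      dependencies: { minimist: { version: '0.0.10' } },
    },
    wordwrap: { version: '0.0.3' },
    // hoisted copy, constructed version, reached only via other-cli
    minimist: { version: '1.2.6' },
    'other-cli': { version: '2.0.0', requires: { minimist: '^1.2.0' } },
  },
};

// Lockfile v1 does not mark which root-level entries are direct
// dependencies, so take that list from package.json (constructed here).
const constructedRootRequires = ['optimist', 'other-cli'];

// Own-property lookup only: a package literally named "constructor" or
// "__proto__" must not resolve to Object.prototype members.
function hasOwn(obj, key) {
  return obj != null && Object.prototype.hasOwnProperty.call(obj, key);
}

// npm's resolution rule: the nearest enclosing `dependencies` map that
// has the name wins. `scopes` is ordered innermost first.
function resolve(name, scopes) {
  for (const deps of scopes) {
    if (hasOwn(deps, name)) return deps[name];
  }
  return null;
}

// Return every path (as arrays of "name@version") from the root package
// to `target`. Cycles are cut by tracking nodes on the current path.
function findPaths(lock, rootRequires, target) {
  const results = [];
  const onPath = new Set();

  function walk(name, node, scopes, trail) {
    const path = [...trail, `${name}@${node.version}`];
    if (name === target) {
      results.push(path);
      return;
    }
    if (onPath.has(node)) return;
    onPath.add(node);
    const nextScopes = [node.dependencies, ...scopes];
    for (const dep of Object.keys(node.requires || {})) {
      const child = resolve(dep, nextScopes);
      if (child) walk(dep, child, nextScopes, path);
    }
    onPath.delete(node);
  }

  const root = {
    version: lock.version,
    dependencies: lock.dependencies,
    requires: Object.fromEntries(rootRequires.map((n) => [n, '*'])),
  };
  walk(lock.name, root, [], []);
  return results;
}

// Render a path in the same "a@1 > b@2" style as the issue report.
function formatPath(path) {
  return path.join(' > ');
}

for (const p of findPaths(constructedLock, constructedRootRequires, 'minimist')) {
  console.log(formatPath(p));
}
```

Against the constructed lockfile this prints two lines: the optimist chain ending in minimist@0.0.10 and the other-cli chain ending in the hoisted minimist@1.2.6. Seeing which chain carries the old version is what tells a maintainer whether replacing the intermediate package (optimist) removes the finding, or whether the leaf still needs an override.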

sinedied commented 2 years ago

You're completely right, in most of my other projects I use minimist directly so I've failed to notice. I would be fine with migrating to either minimist or yargs, both are solid choices.

ayaka-kms commented 2 years ago

@sinedied Thanks for your answer.

sinedied commented 2 years ago

:tada: This issue has been resolved in version 3.0.1 :tada:

The release is available on:

Your semantic-release bot :package::rocket: