stereobooster / react-snap

👻 Zero-configuration framework-agnostic static prerendering for SPAs
MIT License

Update mkdirp to fix minimist vulnerability #450

Open karlhorky opened 4 years ago

karlhorky commented 4 years ago

Description

mkdirp has been updated to version 0.5.5

https://github.com/isaacs/node-mkdirp/issues/7#issuecomment-600231795

This addresses this prototype pollution vulnerability in minimist:

https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

karlhorky commented 4 years ago

@stereobooster what do you think about this one? Can we get it merged?

karlhorky commented 4 years ago

Upgraded to 0.5.5 now :)

doeg commented 2 years ago

Thank you @karlhorky!

I'm evaluating react-snap for https://github.com/vitessio/vitess but this npm audit vulnerability is a blocker, so it'd be great to get this merged if possible. :)