After installing express-handlebars and running "npm audit", I'm getting a "low severity vulnerability" warning for minimist. npm says: "Patched in >=0.2.1 <1.0.0 || >=1.2.3"

https://npmjs.com/advisories/1179

So I upgraded to minimist v1.2.5 but I'm still getting the security warning.

  • Windows 10 pro
  • node: v13.11.0
  • npm: v6.14.3
  • express: v4.17.1
  • express-handlebars: v4.7.3
  • minimist: v1.2.5
mike

2 Answers

It's a known issue at the moment:

NinaW

"@jimp/core": {
  "version": "0.8.5",
  "resolved": "https://registry.npmjs.org/@jimp/core/-/core-0.8.5.tgz",
  "integrity": "sha512-Jto1IdL5HYg7uE15rpQjK6dfZJ6d6gRjUsVCPW50nIfXgWizaTibFEov90W9Bj+irwKrX2ntG3e3pZUyOC0COg==",
  "requires": {
    "@jimp/utils": "^0.8.5",
    "any-base": "^1.1.0",
    "buffer": "^5.2.0",
    "core-js": "^2.5.7",
    "exif-parser": "^0.1.12",
    "file-type": "^9.0.0",
    "load-bmfont": "^1.3.1",
    "mkdirp": "0.5.1",
    "phin": "^2.9.1",
    "pixelmatch": "^4.0.2",
    "tinycolor2": "^1.4.1"
  },
  "dependencies": {
    "file-type": {
      "version": "9.0.0",
      "resolved": "https://registry.npmjs.org/file-type/-/file-type-9.0.0.tgz",
      "integrity": "sha512-Qe/5NJrgIOlwijpq3B7BEpzPFcgzggOTagZmkXQY4LA6bsXKTUstK7Wp12lEJ/mLKTpvIZxmIuRcLYWT6ov9lw=="
    },
    "mkdirp": {
      "version": "0.5.1",
      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
      "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
      "requires": {
        "minimist": "^0.0.8"
      },
      "dependencies": {
        "minimist": {
          "version": "^0.0.8",
          "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
          "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
        }
      }
    }
  }
}

Upgrade minimist in npm and follow the steps below.

Don't run the above snippet.

Check the highlighted image @ https://i.stack.imgur.com/0B0bq.png

I solved mine while going through all the minimist entries in my package-lock.json file.

In my own case, mkdir was requiring minimist.

The minimist was degraded and it's required, so I went on adding "^" (as indicated in the attached code) to the version of minimist for both files requiring minimist. Then the dependencies requiring minimist can go for the latest version of minimist other than the 0.0.8 version.
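Added example, not code from the question or either answer: a small Node script that walks a lockfileVersion 1 package-lock.json tree (the nested "dependencies" shape shown in the answer above) and reports every copy of a named package whose version falls outside the advisory's patched ranges, together with the dependency path that pulls it in. This is the check behind the question: npm audit evaluates every copy in the tree, so a top-level minimist@1.2.5 does not clear a minimist@0.0.8 nested under mkdirp. The lock-file object, the package names under it and the function names are constructed for illustration; the patched range string is the one quoted in the question.

```javascript
// Added example (not from the question or either answer): walk a v1
// package-lock.json tree and report every copy of a package whose
// version is outside the advisory's patched ranges.

// Patched ranges exactly as npm reports them for advisory 1179.
const patchedRanges = ">=0.2.1 <1.0.0 || >=1.2.3";

// Constructed sample lock tree (not a real file): a fixed top-level minimist
// plus a still-vulnerable nested copy pulled in by mkdirp.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 1,
  dependencies: {
    minimist: { version: "1.2.5" },
    "express-handlebars": {
      version: "4.7.3",
      dependencies: {
        mkdirp: {
          version: "0.5.1",
          requires: { minimist: "^0.0.8" },
          dependencies: {
            minimist: { version: "0.0.8" }
          }
        }
      }
    }
  }
};

// Parse "MAJOR.MINOR.PATCH" into numbers. A leading "^" or "v" is ignored,
// so a hand-edited "^0.0.8" is still judged as 0.0.8 (the code on disk).
function parseVersion(v) {
  const m = /^\^?v?(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Minimal range evaluator: "||"-separated alternatives, each a
// space-separated list of comparators (>=, >, <=, <, =).
function satisfies(version, range) {
  const v = parseVersion(version);
  return range.split("||").some((alt) =>
    alt.trim().split(/\s+/).every((cmp) => {
      const m = /^(>=|<=|>|<|=)?(.+)$/.exec(cmp);
      const c = compare(v, parseVersion(m[2]));
      switch (m[1] || "=") {
        case ">=": return c >= 0;
        case ">":  return c > 0;
        case "<=": return c <= 0;
        case "<":  return c < 0;
        default:   return c === 0;
      }
    })
  );
}

// Visit every node in the lock tree, remembering the path to it, and
// collect each copy of pkgName that does not satisfy the patched range.
function findUnpatched(lock, pkgName, range) {
  const hits = [];
  (function walk(deps, path) {
    for (const [name, node] of Object.entries(deps || {})) {
      const here = [...path, `${name}@${node.version}`];
      if (name === pkgName && !satisfies(node.version, range)) {
        hits.push({ path: here.join(" > "), version: node.version });
      }
      walk(node.dependencies, here);
    }
  })(lock.dependencies, []);
  return hits;
}

for (const hit of findUnpatched(sampleLock, "minimist", patchedRanges)) {
  console.log(`unpatched: ${hit.path}`);
}
```

To run it against a real project, replace sampleLock with JSON.parse(fs.readFileSync("package-lock.json", "utf8")). Each reported path names the package that constrains the old copy; that is the dependency whose own requires range has to admit a patched minimist, or which has to be upgraded itself, before a reinstall will make the audit warning go away.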