Github dependabot found potential security vulnerabilities in My dependencies.
- Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
I don't know how to fix it. What should I do?
Asked
Active
Viewed 7,667 times
9
cat_yu
- 93
- 1
- 4
1 Answers
7
Origin: https://github.com/substack/minimist/issues/164
Fix Resolution: minimist - 1.2.6
Install npm-force-resolutions:
npx npm-force-resolutions
then Add field resolutions with the dependency version you want to fix to your package.json file. It modifies package-lock.json to force the installation of a specific version of a transitive dependency.
"resolutions": {
"minimist": "1.2.6"
}
JSuar
- 21,056
- 4
- 39
- 83
Shubham Jain
- 86
- 2
-
origin: https://github.com/substack/minimist/issues/164 – Shubham Jain Mar 25 '22 at 11:36
-
I had to run `npx npm-force-resolutions` after modifying package.json – Arnoud Kooi May 20 '22 at 19:45