CVE-2021-44906 Prototype Pollution in minimist

About

Asked 22/3, 2022 at 9:46 Answered 23/3, 2022 at 13:12

Solved dependabot minimist

Github dependabot found potential security vulnerabilities in My dependencies.

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

I don't know how to fix it. What should I do?

Turnover answered 22/3, 2022 at 9:46 Comment(0)

Origin: https://github.com/substack/minimist/issues/164

Fix Resolution: minimist - 1.2.6

Install npm-force-resolutions:

npx npm-force-resolutions

then Add field resolutions with the dependency version you want to fix to your package.json file. It modifies package-lock.json to force the installation of a specific version of a transitive dependency.

"resolutions": {
    "minimist": "1.2.6"
}

Indican answered 23/3, 2022 at 13:12 Comment(4)

origin: github.com/substack/minimist/issues/164 – Indican 25/3, 2022 at 11:36

I had to run npx npm-force-resolutions after modifying package.json – Sanjak 20/5, 2022 at 19:45

You can find some more background information on this here - what are resolutions and why do you need them? – Parapsychology 14/11, 2023 at 8:50

See also here: minimist-vulnerability – Parapsychology 14/11, 2023 at 10:10

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags