'CVE-2021-44906 Prototype Pollution in minimist
Github dependabot found potential security vulnerabilities in My dependencies.
- Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
I don't know how to fix it. What should I do?
Solution 1:[1]
Origin: https://github.com/substack/minimist/issues/164
Fix Resolution: minimist - 1.2.6
Install npm-force-resolutions:
npx npm-force-resolutions
then Add field resolutions with the dependency version you want to fix to your package.json file. It modifies package-lock.json to force the installation of a specific version of a transitive dependency.
"resolutions": {
"minimist": "1.2.6"
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | JSuar |