Minimist vulnerability

We are facing a critical vulnerability in minimist, which is added as a transitive dependency.

+-- [email protected]
| +-- [email protected]
| | `-- [email protected]

We tried to resolve this using a couple of methods recommended on multiple forums, but still no luck. Any pointers will help.

Method 1 Resolutions

Changes in package.json file

  "scripts": {
    "preinstall": "npx npm-force-resolutions"
  },

  "resolutions": {
    "minimist": "1.2.6"
  }

Method 2 Overrides

 "overrides": {
    "ember-cli": {
      "bower-config": {
        "minimist": "1.2.6"
      }
    }
 }

NPM Version 8.1.2



Solution 1:[1]

Had the same problem (with an older Ember, but still). For yarn, something like this did the trick:

"resolutions": {
  "ember-cli/bower-config/minimist": "1.2.6"
}

The equivalent in npm would be the overrides field, available from npm 8.3.0. It should look something like this:

"overrides": {
  "minimist": "1.2.6"
}

or

"overrides": {
  "ember-cli": {
    "bower-config": {
      "minimist": "1.2.6"
    }
  }
}
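
A way to check whether a resolution or override actually took effect, as an added example that is not part of the original question or answer: it walks the `packages` map of a package-lock.json (lockfileVersion 2 or 3) and reports every installed copy of minimist older than 1.2.6, and it compares an npm version against the 8.3.0 minimum the answer gives for `overrides`. The function names and the sample lockfile are constructed for illustration.

```javascript
'use strict';

// Compare dotted numeric versions; pre-release tags are ignored (assumption).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// The answer above states that "overrides" is available from npm 8.3.0.
function supportsOverrides(npmVersion) {
  return compareVersions(npmVersion, '8.3.0') >= 0;
}

// Return every installed copy of `name` in a parsed lockfile whose version is
// below `minVersion`, together with its path under node_modules.
function findOutdated(lock, name, minVersion) {
  const suffix = 'node_modules/' + name;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith('/' + suffix))
    // Entries without a version (for example links) are skipped.
    .filter(([, meta]) => meta.version &&
      compareVersions(meta.version, minVersion) < 0)
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Constructed sample lockfile; every version except 1.2.6 is made up.
// For a real project, pass JSON.parse of the package-lock.json contents.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'constructed-app', version: '1.0.0' },
    'node_modules/minimist': { version: '1.2.6' },
    'node_modules/ember-cli/node_modules/bower-config/node_modules/minimist':
      { version: '0.2.1' },
    'node_modules/not-minimist': { version: '0.0.1' },
  },
};

console.log('overrides supported by npm 8.1.2:', supportsOverrides('8.1.2'));
console.log(findOutdated(sampleLock, 'minimist', '1.2.6'));
```

An empty result from `findOutdated` after `npm install` means no nested copy older than 1.2.6 remains in the lockfile.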

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Godric