Skip to content

Update mkdirp@0.5.1 to mkdirp@1.0.3 because of dependency vulnerability #61

New issue
New issue
Closed
Closed
Update mkdirp@0.5.1 to mkdirp@1.0.3 because of dependency vulnerability#61
@szaboge

Description

@szaboge
szaboge
opened on Mar 12, 2020

Need to update mkdirp dependency, because of 0.5.1 version's dependency affected prototype pollution.

snyk detected the vulnerability.

Issues with no direct upgrade or patch:
  ✗ Prototype Pollution [Medium Severity][https://snyk.io/vuln/SNYK-JS-MINIMIST-559764] in minimist@1.2.0
    introduced by codeceptjs-resemblehelper@1.9.0 > mkdirp@0.5.1 > minimist@0.0.8 and 6 other path(s)
  This issue was fixed in versions: 1.2.2

https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

Please upgrade mkdirp to 1.0.3, what no use minimists.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions