Skip to content

[Security] Bump minimist from 1.2.5 to 1.2.6

Dependabot requested to merge dependabot-npm_and_yarn-minimist-1.2.6 into master

Bumps minimist from 1.2.5 to 1.2.6. This update includes a security fix.

Vulnerabilities fixed

Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Patched versions: 1.2.6 Affected versions: < 1.2.6

Commits


Dependabot commands
You can trigger Dependabot actions by commenting on this MR
  • $dependabot rebase will rebase this MR
  • $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

Merge request reports

Loading