[Security] Bump minimist from 1.2.5 to 1.2.6 (!15) · Merge requests · tools / chat

Dependabot requested to merge dependabot-npm_and_yarn-minimist-1.2.6 into master Jul 18, 2022

Bumps minimist from 1.2.5 to 1.2.6. This update includes a security fix.

Vulnerabilities fixed

Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Patched versions: 1.2.6 Affected versions: < 1.2.6

Commits

7efb22a 1.2.6
ef88b93 security notice for additional prototype pollution issue
c2b9819 isConstructorOrProto adapted from PR
bc8ecee test from prototype pollution PR
See full diff in compare view

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

$dependabot rebase will rebase this MR
$dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts

[Security] Bump minimist from 1.2.5 to 1.2.6

Merge request reports