Skip to content

Fix security vulnerability GHSA-vh95-rmgr-6w4m. #622

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
thornjad merged 2 commits into from
Apr 27, 2020
Merged

Fix security vulnerability GHSA-vh95-rmgr-6w4m. #622

thornjad merged 2 commits into from
Apr 27, 2020

Conversation

@adunkman
Copy link
Contributor

@adunkman adunkman commented Apr 9, 2020
edited by thornjad
Loading

Please ensure that your pull request fulfills these requirements:

  • The pull request is being made against the master branch
  • Tests for the changes have been added (for bug fixes / features)

What is the purpose of this pull request? (bug fix, enhancement, new feature,...)

Fixes GHSA-vh95-rmgr-6w4m present in versions of minimist before 1.2.2.

What changes did you make?

  • optimist is deprecated and suggests using minimist directly or using yargs. It seemed relatively straightforward to use minimist directly here.
  • I was able to resolve the remaining reference to an outdated version of minimist by upgrading a sub-dependency, mkdirp.

Is there anything you'd like reviewers to focus on?

It doesn’t look like there are a ton (any?) tests associated with the command-line interface specifically. I ran it a few times and it seems to work as expected, but that’s something to keep an eye out for when reviewing.

Fixes #614

This was referenced Apr 9, 2020
Closed
Merged
@adunkman
Copy link
Contributor Author

adunkman commented Apr 10, 2020

Looks like Travis had an error reporting the build status to GitHub — the build has completed successfully on Travis.

@thornjad for your review when, well, other priorities permit. Hope you’re healthy and holding up okay! ❤️

@thornjad thornjad self-requested a review April 13, 2020 14:53
@thornjad thornjad added this to the v0.12.2 milestone Apr 13, 2020
@briandelancey

This comment has been minimized.

Sign in to view
@thornjad thornjad added dependencies Pull requests that update a dependency file high priority Very important bug or security fix minor version non-breaking, non-trivial change staged labels Apr 27, 2020
@thornjad thornjad merged commit 943c609 into http-party:master Apr 27, 2020
@karlhorky karlhorky mentioned this pull request Apr 27, 2020
Closed
@thornjad thornjad mentioned this pull request Oct 6, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thornjad thornjad thornjad approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file high priority Very important bug or security fix minor version non-breaking, non-trivial change

Projects

None yet

Milestone

v0.12.2

Development

Successfully merging this pull request may close these issues.

Replace optimist with minimist

3 participants

@adunkman @briandelancey @thornjad