From ef88b9325f77b5ee643ccfc97e2ebda577e4c4e2 Mon Sep 17 00:00:00 2001
From: substack <substack@bits.coop>
Date: Mon, 21 Mar 2022 16:45:32 -1000
Subject: [PATCH] security notice for additional prototype pollution issue

---
 readme.markdown | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/readme.markdown b/readme.markdown
index 5fd97ab..859d1ab 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -34,7 +34,10 @@ $ node example/parse.js -x 3 -y 4 -n5 -abc --beep=boop foo bar baz
 Previous versions had a prototype pollution bug that could cause privilege
 escalation in some circumstances when handling untrusted user input.
 
-Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
+Please use version 1.2.6 or later:
+
+* https://security.snyk.io/vuln/SNYK-JS-MINIMIST-2429795 (version <=1.2.5)
+* https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 (version <=1.2.3)
 
 # methods