Skip to content

Update npm on all supported release lines to address CVE scored 9.8 in minimist package #32296

Closed
Closed
Update npm on all supported release lines to address CVE scored 9.8 in minimist package#32296
Labels
npmIssues and PRs related to the npm client dependency or the npm registry.
@mleneveut

Description

@mleneveut
mleneveut
opened on Mar 16, 2020

Is your feature request related to a problem? Please describe.
The package mkdir 0.5.1 contains a dependency to minimist 0.0.8, which has the CVE-2020-7598, scored 9.8

Describe the solution you'd like
Remove the package mkdirp or find a maintained alternative.

Others

node -v
v12.16.1

npm -v
6.13.4

list mkdirp
[email protected] /usr/lib/node_modules/npm
+-- [email protected]
| `-- [email protected]  deduped
+-- [email protected]
| `-- [email protected]  deduped
+-- [email protected]
| `-- [email protected]  deduped
+-- [email protected]
| `-- [email protected]  deduped
+-- [email protected]
+-- [email protected]
| +-- [email protected]
| | `-- [email protected]  deduped
| `-- [email protected]  deduped
+-- [email protected]
| `-- [email protected]  deduped
+-- [email protected]
| `-- [email protected]  deduped
`-- [email protected]
  `-- [email protected]  deduped

Metadata

Metadata

Assignees

No one assigned

    Labels

    npmIssues and PRs related to the npm client dependency or the npm registry.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions