You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, @raymondfeng, a vulnerability CVE-2020-7598 is introduced in strong-globalize-cli via:
● strong-globalize-cli@7.1.0 ➔ optimist@0.6.1 ➔ minimist@0.0.10
optimist is a legacy package. It has not been maintained for about 8 years, and is not likely to be updated.
Is it possible to migrate optimist to other package to remediate this vulnerability?
I noticed several migration records for optimist in other js repos, such as
in handlebars, version 4.7.3-->4.7.4, migrate optimist to yargs via commit
in db-migrate, version 1.0.0-beta.2-->1.0.0-beta.3, migrate optimist to yargs via commit
in http-server, version 0.12.1-->0.12.2, deprecated optimist and directly use minimist via commit
Are there any efforts planned that would remediate this vulnerability or migrate optimist?
Thanks
; )
The text was updated successfully, but these errors were encountered:
Hi, @raymondfeng, a vulnerability CVE-2020-7598 is introduced in strong-globalize-cli via:
● strong-globalize-cli@7.1.0 ➔ optimist@0.6.1 ➔ minimist@0.0.10
optimist is a legacy package. It has not been maintained for about 8 years, and is not likely to be updated.
Is it possible to migrate optimist to other package to remediate this vulnerability?
I noticed several migration records for optimist in other js repos, such as
Are there any efforts planned that would remediate this vulnerability or migrate optimist?
Thanks
; )
The text was updated successfully, but these errors were encountered: