Closed
Description
Is there an existing issue for this?
- I have searched the existing issues
Current behavior
Running pnpm audit in my project results in
┌─────────────────────┬───────────────────────────────────────────────────┐
│ high                │ Prototype Pollution in minimist                   │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Package             │ minimist                                          │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Vulnerable versions │ <=1.2.5                                           │
├─────────────────────┼───────────────────────────────────────────────────┤
│ Patched versions    │ <0.0.0                                            │
├─────────────────────┼───────────────────────────────────────────────────┤
│ More info           │ https://github.com/advisories/GHSA-xvch-5gv4-984h │
└─────────────────────┴───────────────────────────────────────────────────┘
1 vulnerabilities found
Severity: 1 high
Minimum reproduction code
really needed?
Steps to reproduce
- pnpm add -D @nestjs/cli (8.2.4)
- pnpm audit
Expected behavior
No vulnerabilities that are reported as >= high.
As this is a devDependencies, our CI/CD is blocked until this is not reported anymore, at least until it is lower than high.
Package version
8.2.4
NestJS version
8.4.2
Node.js version
v16.14.0
In which operating systems have you tested?
- macOS
- Windows
- Linux
Other
> pnpm why minimist
Legend: production dependency, optional only, dev only
dependencies:
@nestjs/apollo 10.0.7
├─┬ @nestjs/core 8.4.2 peer
│ └─┬ @nestjs/platform-express 8.4.2 peer
│   └─┬ multer 1.4.4
│     └─┬ mkdirp 0.5.5
│       └── minimist 1.2.6
└─┬ @nestjs/graphql 10.0.7 peer
  └─┬ @nestjs/core 8.4.2 peer
    └─┬ @nestjs/platform-express 8.4.2 peer
      └─┬ multer 1.4.4
        └─┬ mkdirp 0.5.5
          └── minimist 1.2.6
@nestjs/core 8.4.2
└─┬ @nestjs/platform-express 8.4.2 peer
  └─┬ multer 1.4.4
    └─┬ mkdirp 0.5.5
      └── minimist 1.2.6
@nestjs/graphql 10.0.7
└─┬ @nestjs/core 8.4.2 peer
  └─┬ @nestjs/platform-express 8.4.2 peer
    └─┬ multer 1.4.4
      └─┬ mkdirp 0.5.5
        └── minimist 1.2.6
@nestjs/platform-express 8.4.2
└─┬ multer 1.4.4
  └─┬ mkdirp 0.5.5
    └── minimist 1.2.6
devDependencies:
@nestjs/cli 8.2.4
├─┬ @angular-devkit/schematics-cli 13.3.0
│ └── minimist 1.2.5
├─┬ tsconfig-paths 3.14.0
│ ├─┬ json5 1.0.1
│ │ └── minimist 1.2.6
│ └── minimist 1.2.6
└─┬ tsconfig-paths-webpack-plugin 3.5.2
  └─┬ tsconfig-paths 3.14.0
    ├─┬ json5 1.0.1
    │ └── minimist 1.2.6
    └── minimist 1.2.6
@nestjs/testing 8.4.2
├─┬ @nestjs/core 8.4.2 peer
│ └─┬ @nestjs/platform-express 8.4.2 peer
│   └─┬ multer 1.4.4
│     └─┬ mkdirp 0.5.5
│       └── minimist 1.2.6
└─┬ @nestjs/platform-express 8.4.2 peer
  └─┬ multer 1.4.4
    └─┬ mkdirp 0.5.5
      └── minimist 1.2.6
tsconfig-paths 3.14.0
├─┬ json5 1.0.1
│ └── minimist 1.2.6
└── minimist 1.2.6
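
For triage, the `pnpm why minimist` tree can be filtered down to the chains that resolve inside the advisory's `<=1.2.5` range. The script below is an added example, not part of the original issue or of the NestJS project. The function names are hypothetical, `SAMPLE` is a constructed excerpt of the tree with its indentation restored, and the parser assumes two columns of indentation per tree level.

```javascript
// Constructed excerpt of the `pnpm why minimist` output from the issue.
const SAMPLE = `dependencies:
@nestjs/platform-express 8.4.2
└─┬ multer 1.4.4
  └─┬ mkdirp 0.5.5
    └── minimist 1.2.6
devDependencies:
@nestjs/cli 8.2.4
├─┬ @angular-devkit/schematics-cli 13.3.0
│ └── minimist 1.2.5
└─┬ tsconfig-paths 3.14.0
  ├─┬ json5 1.0.1
  │ └── minimist 1.2.6
  └── minimist 1.2.6`;

// Compare dotted numeric versions: negative if a < b, 0 if equal, positive if a > b.
function cmp(a, b) {
  const x = a.split('.').map(Number), y = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Return every dependency chain that ends in `pkg` at a version <= maxVulnerable,
// together with the section (dependencies / devDependencies) it was listed under.
function vulnerablePaths(whyOutput, pkg, maxVulnerable) {
  const hits = [];
  const stack = [];   // ancestors of the current line, root first
  let section = null;
  for (const line of whyOutput.split('\n')) {
    if (!line.trim()) continue;
    if (/^\S+:$/.test(line)) { section = line.slice(0, -1); continue; }
    const branch = line.search(/[├└]/);            // column of the branch glyph
    const depth = branch < 0 ? 0 : branch / 2 + 1; // root lines have no glyph
    const [name, version] = line.replace(/^[│├└─┬ ]+/, '').split(' ');
    stack.length = depth;                          // discard the previous subtree
    stack.push(`${name}@${version}`);
    if (name === pkg && cmp(version, maxVulnerable) <= 0) {
      hits.push({ section, chain: stack.join(' > ') });
    }
  }
  return hits;
}

console.log(vulnerablePaths(SAMPLE, 'minimist', '1.2.5'));
```
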