Description
To Reproduce
Steps to reproduce the behavior:
Run npm audit with the latest version of sass-lint installed.
Expected behavior
npm does not report any security vulnerabilities when sass-lint is defined in package.json.
Achievable if minimist is upgraded to >=1.2.3
What version of Sass Lint are you using?
1.12.1
What did you do? Please include the actual source code causing the issue
Run npm audit with the latest version of sass-lint installed.
You will get the report below:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Prototype Pollution │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >=0.2.1 <1.0.0 || >=1.2.3 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ sass-lint [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ sass-lint > gonzales-pe-sl > minimist │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/1179 │
└───────────────┴──────────────────────────────────────────────────────────────┘
What did you expect to happen?
npm does not report any security vulnerabilities when sass-lint is defined in package.json.
Achievable if minimist is upgraded to >=1.2.3
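
Added example (not part of the original issue, and not code from sass-lint or npm): a small checker that walks a lockfile-style dependency tree and flags every minimist copy outside the patched range quoted in the audit report. The `sampleLock` tree, its nested layout and all versions in it other than sass-lint 1.12.1 are constructed for illustration, and the helper names are hypothetical.

```javascript
// Added example. Patched range taken from the audit report above:
//   >=0.2.1 <1.0.0 || >=1.2.3
// Pre-release tags are ignored (assumption: plain x.y.z versions).
function parse(v) {
  return v.split('-')[0].split('.').map(Number);
}

function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (x[i] || 0) - (y[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isPatched(v) {
  const in0x = cmp(v, '0.2.1') >= 0 && cmp(v, '1.0.0') < 0;
  return in0x || cmp(v, '1.2.3') >= 0;
}

// Recursively walk nested "dependencies" and collect every minimist copy.
function findMinimist(deps, trail = []) {
  const hits = [];
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    if (name === 'minimist') {
      hits.push({ path: path.join(' > '), version: info.version,
                  patched: isPatched(info.version) });
    }
    hits.push(...findMinimist(info.dependencies, path));
  }
  return hits;
}

// Constructed sample tree (versions are illustrative, not from a real install).
const sampleLock = {
  dependencies: {
    minimist: { version: '1.2.5' },
    'sass-lint': { version: '1.12.1', dependencies: {
      'gonzales-pe-sl': { version: '0.0.0-sample', dependencies: {
        minimist: { version: '1.1.3' } } } } }
  }
};

const report = findMinimist(sampleLock.dependencies);
for (const h of report) {
  console.log(`${h.patched ? 'ok        ' : 'VULNERABLE'} ${h.version}  ${h.path}`);
}
```

Reporting per path matters because a patched top-level minimist does not cover the copy nested under gonzales-pe-sl.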