You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm getting a dependabot alert for minimist < 0.2.1: CVE-2020-7598.
Currently, ejs-cli depends on optimist 0.6.1, which depends on minimist 0.0.10.
Optimist appears to have been abandoned, and has a deprecation notice directing users to yargs or nomnom.
You may want to consider replacing optimist with yargs. While it's not a trivial change, it doesn't look too complex — I made an attempt on a fork of this repository, but ejs-cli has stopped working in my project, so I can't test it properly.
The text was updated successfully, but these errors were encountered:
I'm getting a dependabot alert for minimist < 0.2.1: CVE-2020-7598.
Currently, ejs-cli depends on optimist 0.6.1, which depends on minimist 0.0.10.
Optimist appears to have been abandoned, and has a deprecation notice directing users to yargs or nomnom.
You may want to consider replacing optimist with yargs. While it's not a trivial change, it doesn't look too complex — I made an attempt on a fork of this repository, but ejs-cli has stopped working in my project, so I can't test it properly.
The text was updated successfully, but these errors were encountered: