You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Oct 3, 2023. It is now read-only.
Please answer these questions before submitting a bug report.
What version of OpenCensus are you using?
0.0.20
What version of Node are you using?
10.15.1
What did you do?
Run
npm installfor my application, then runnpm ls minimistWhat did you expect to see?
opencensus-node should only depend on packages that do not contain vulnerabilities.
What did you see instead?
Here's the dependency graph:
+-- @opencensus/nodejs@0.0.20
|
-- @opencensus/instrumentation-all@0.0.20 |-- @opencensus/instrumentation-grpc@0.0.20|
-- grpc@1.24.2 |-- node-pre-gyp@0.14.0| +-- mkdirp@0.5.1
| |
-- minimist@0.0.8 |-- rc@1.2.8| `-- minimist@1.2.0
Additional context
minimist v0.0.8 and minimist v1.2.0 contain a vulnerability - see https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-7598/