DependencyCheck

Is there a wrong message about "minimist:1.2.6"?

Open NPC-RX opened this issue 2 years ago • 1 comments

In a recent dependency check, we noticed a puzzling report. The version of "minimist" mentioned in the screenshot that is vulnerable is before 1.2.6, and minimist 1.2.6 does not indicate the existence of vulnerabilities. Is this a wrong message?

[Screenshots: dependencycheckversion, reportissues-minimist1, reportissues-minimist2]

NPC-RX avatar Jun 10 '22 01:06 NPC-RX

Please try with a currently supported version, e.g. 7.1.0, and not one more than a year old.

mprins avatar Jun 10 '22 09:06 mprins