From 4cf1354839cb972e38496d35e12f806eea92c11f Mon Sep 17 00:00:00 2001
From: substack <substack@bits.coop>
Date: Wed, 11 Mar 2020 09:24:47 -1000
Subject: [PATCH] security notice

---
 readme.markdown | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/readme.markdown b/readme.markdown
index c58e258..5fd97ab 100644
--- a/readme.markdown
+++ b/readme.markdown
@@ -29,6 +29,13 @@ $ node example/parse.js -x 3 -y 4 -n5 -abc --beep=boop foo bar baz
   beep: 'boop' }
 ```
 
+# security
+
+Previous versions had a prototype pollution bug that could cause privilege
+escalation in some circumstances when handling untrusted user input.
+
+Please use version 1.2.3 or later: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
+
 # methods
 
 ``` js