diff --git a/CVE-2020-7598.patch b/CVE-2020-7598.patch
deleted file mode 100644
index 243b746..0000000
--- a/CVE-2020-7598.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 38a4d1caead72ef99e824bb420a2528eec03d9ab Mon Sep 17 00:00:00 2001
-From: substack
-Date: Tue, 10 Mar 2020 09:08:00 -1000
-Subject: [PATCH] even more aggressive checks for protocol pollution
-
----
- index.js | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/index.js b/index.js
-index 6a0559d..cfdf0a5 100644
---- a/index.js
-+++ b/index.js
-@@ -68,12 +68,21 @@ module.exports = function (args, opts) {
-
- function setKey (obj, keys, value) {
- var o = obj;
-- keys.slice(0,-1).forEach(function (key) {
-+ for (var i = 0; i < keys.length-1; i++) {
-+ var key = keys[i];
-+ if (key === '__proto__') return;
- if (o[key] === undefined) o[key] = {};
-+ if (o[key] === Object.prototype || o[key] === Number.prototype
-+ || o[key] === String.prototype) o[key] = {};
-+ if (o[key] === Array.prototype) o[key] = [];
- o = o[key];
-- });
-+ }
-
- var key = keys[keys.length - 1];
-+ if (key === '__proto__') return;
-+ if (o === Object.prototype || o === Number.prototype
-+ || o === String.prototype) o = {};
-+ if (o === Array.prototype) o = [];
- if (o[key] === undefined || flags.bools[key] || typeof o[key] === 'boolean') {
- o[key] = value;
- }
---
-2.23.0
-
diff --git a/minimist-1.2.0.tgz b/minimist-1.2.0.tgz
deleted file mode 100644
index 49b822d..0000000
Binary files a/minimist-1.2.0.tgz and /dev/null differ
diff --git a/minimist-1.2.6.tgz b/minimist-1.2.6.tgz
new file mode 100644
index 0000000..e5aef3f
Binary files /dev/null and b/minimist-1.2.6.tgz differ
diff --git a/nodejs-minimist.spec b/nodejs-minimist.spec
index 324d9aa..66d2cda 100644
--- a/nodejs-minimist.spec
+++ b/nodejs-minimist.spec
@@ -1,13 +1,12 @@ %{?nodejs_find_provides_and_requires} %global enable_tests 1 Name: nodejs-minimist -Version: 1.2.0 -Release: 2 +Version: 1.2.6 +Release: 1 Summary: Parse argument options in Node.js License: MIT URL: https://github.com/substack/minimist Source0: https://registry.npmjs.org/minimist/-/minimist-%{version}.tgz -patch0: CVE-2020-7598.patch BuildArch: noarch ExclusiveArch: %{nodejs_arches} noarch BuildRequires: nodejs-packaging @@ -20,8 +19,7 @@ This module is the guts of nodejs-optimist's argument parser without all the fanciful decoration. %prep -%setup -q -n package -%patch0 -p1 +%autosetup -n package -p1 %build @@ -37,10 +35,15 @@ cp -pr package.json index.js %{buildroot}%{nodejs_sitelib}/minimist %files %{nodejs_sitelib}/minimist +%{nodejs_sitelib}/minimist/index.js +%{nodejs_sitelib}/minimist/package.json %doc readme.markdown example %license LICENSE %changelog +* Wed Apr 13 2022 yaoxin - 1.2.6-1 +- Update minimist to 1.2.6 for fix CVE-2021-44906 + * Wed Oct 13 2021 houyingchao - 1.2.0-2 - Fix CVE-2020-7598
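Review bot: The first hunk removes `patch0: CVE-2020-7598.patch` without recording why, so a later reader cannot tell whether the prototype-pollution fix was dropped deliberately or lost in the rebase. The deleted patch added the `__proto__` guards to `setKey`; upstream 1.2.6 appears to include them already, but that should be confirmed against `index.js` in the new tarball and noted, for example with a changelog line such as `- Drop CVE-2020-7598.patch, fix is included upstream`. Because `minimist-1.2.6.tgz` is committed as an opaque binary, its digest should also be compared with the integrity value the registry publishes for that version before this is merged.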
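Review bot: In the `%files` hunk, the two added entries duplicate what the existing `%{nodejs_sitelib}/minimist` line already packages, because a bare directory entry owns everything beneath it. rpmbuild normally reports this as "File listed twice". Either drop the two new lines, or change the directory entry to `%dir %{nodejs_sitelib}/minimist` so the package owns the directory plus exactly the two named files. The explicit form makes the installed payload easier to audit, since it is limited to `index.js` and `package.json`.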