Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability in Hoek dependency from npm audit #58

Closed
TmNguyen12 opened this issue May 23, 2018 · 5 comments
Closed

Vulnerability in Hoek dependency from npm audit #58

TmNguyen12 opened this issue May 23, 2018 · 5 comments

Comments

@TmNguyen12
Copy link

https://nodesecurity.io/advisories/566

Current dependency is hoek 2.16.3. It's patched in version 5.0.3. Can we update this version of hoek int the dependency?

Thanks!
@asonni
Copy link

asonni commented May 29, 2018

As well as tunnel-agent dependency https://nodesecurity.io/advisories/598

Thanks!

@mvallerie
Copy link

+1 for this. Thanks in advance.

@ghost ghost mentioned this issue Jun 19, 2018
Closed
@jbwyatt4
Copy link

+1 also for this. Commenting to raise awareness. Thanks in advance.

@ghost
Copy link

ghost commented Jul 13, 2018

It seems there's a whole chain of sub-dependencies blocking this issue. As far as I can tell, we should direct our attention here: nodejs/node-gyp#1492.

@luoto luoto mentioned this issue Jul 18, 2018
Open
@michaelwayman
Copy link
Owner

OK I did an audit and the only vulnerabilities are from node-sass which node-sass-chokidar depends on, so until they can resolve on their end then there isn't much to do. but I assure you none of the vulnerabilities are high-priority

@hideokamoto hideokamoto mentioned this issue Aug 6, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mvallerie @jbwyatt4 @michaelwayman @asonni @TmNguyen12