Vulnerability in Hoek dependency from npm audit
TmNguyen12 opened this issue
https://nodesecurity.io/advisories/566
Current dependency is hoek 2.16.3. It's patched in version 5.0.3. Can we update this version of hoek in the dependency?
Thanks!
As well as tunnel-agent dependency https://nodesecurity.io/advisories/598
Thanks!
+1 for this. Thanks in advance.
+1 also for this. Commenting to raise awareness. Thanks in advance.
It seems there's a whole chain of sub-dependencies blocking this issue. As far as I can tell, we should direct our attention here: nodejs/node-gyp#1492.
OK, I did an audit and the only vulnerabilities are from node-sass, which node-sass-chokidar depends on, so until they can resolve them on their end there isn't much to do. But I assure you none of the vulnerabilities are high-priority.