We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-3728
There is a vulnerability in the hoek package, which is a development dependency:
+-- coveralls@3.0.0 | `-- request@2.85.0 | +-- hawk@6.0.2 | | | `-- hoek@4.2.0 | | | `-- boom@5.2.0 | | | `-- hoek@4.2.0 | | +-- hoek@4.2.0 | | `-- sntp@2.1.0 | | `-- hoek@4.2.0
Nota that request is using an old version of hawk@6.0.2: request/request#2926
The text was updated successfully, but these errors were encountered:
Update dependencies.
8dffb8c
Most important update is to exclude hoek@4.2.0. Related issue: #9
Most important update is to exclude hoek@4.2.0.
8a50468
Related issue: Borewit/strtok3#9
Update strtok3, to ensure to exclude hoek vulnerability: Borewit/strt…
12372a9
…ok3#9
Removed explicit requirement for hoek version 4.2.1,
1167713
it's already taking that safe version. Ref: #9. Update dependencies of strtok3 & token-types
Version number to 1.4.2
371aafe
#9: Update dependencies.
No branches or pull requests
Reference: https://nvd.nist.gov/vuln/detail/CVE-2018-3728
There is a vulnerability in the hoek package, which is a development dependency:
Nota that request is using an old version of hawk@6.0.2: request/request#2926
The text was updated successfully, but these errors were encountered: