This repository has been archived by the owner on May 6, 2019. It is now read-only.
Currently using vulnerable version of hapijs/hoek #1
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The hapijs/hoek package has a security release and we should use 5.0.3+ or 4.2.1+.
https://github.com/hapijs/hoek
Following the dependency tree up we arrive at the node-sass package, which won't commit the change in their current version as it will be a breaking change.
They are making the switch in v5. When that is released we should update.
See sass/node-sass#2111 & sass/node-sass#2355
Since this is just used for sass compilation, it only potentially affects our development environments, but we should update as soon as we can.
The text was updated successfully, but these errors were encountered: