Known vulnerability in hoek module used #4220
Comments
|
The fix was back ported from 5.0.3 to 4.2.1 FYI. |
|
The request package depends on it, and is in the process of updating their dependency. |
|
Figured. It’s a recently known vulnerability (3/30/18).
|
|
Issue tracked in the dependent package. |
|
Why close this now? Why not close when the dependent package is incorporated into pxt-core? How is this now being tracked? |
|
Admin pages of github has list of vulnerability for that repo only visible to administrator. We don’t need to track this as a issue. |
|
Looks like the hoek vulnerability alert was a mistake on Github's part. hoek v4 is fine. see hapijs/hoek#247 (comment) for more details |
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Known vulnerability in used module.
CVE-2018-3728
Moderate severity
hoek node module before 5.0.3 or 4.2.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via...
package-lock.json update suggested:
hoek ~> 5.0.3
The text was updated successfully, but these errors were encountered: