NSP check is reporting vulnerability on latest Webpack package. #63
Comments
|
in that case it can be closed? @ev1stensberg |
|
That's not for me to decide |
|
The problem is that |
|
Is there an update on this by any chance? Looks like the issue in
|
|
@stoikerty hm, why don't update |
|
Any news about this issue? Just started a new repo with fresh webpack setup and github is notifying me with the vulnerability issue on Hoek v2.16.3 in package lock dependencies. Should I just ignore it at the moment? |
|
Could you try to open an issue at the Hawk repository? |
|
@lysla looks you use |
|
@evilebottnawi i did not install webpack globally, i installed it in the local directory of a new project, was a fresh install. i will try to update (?) as in uninstall - re-install... |
|
@lysla yes, we every day install and reinstall |
|
@evilebottnawi i did reinstall and then checked on packagelock deps, it turns out for me this was related to node-sass and not actually webpack, they currently have an open issue here sass/node-sass#2355 - waiting for node-sass v5 to be realeased then... sorry for the trouble ;) |
Do you want to request a feature or report a bug?
What is the current behavior?
If the current behavior is a bug, please provide the steps to reproduce.
What is the expected behavior?
If this is a feature request, what is motivation or use case for changing the behavior?
Please mention other relevant information such as the browser version, Node.js version, webpack version, and Operating System.
Just executed the nsp check command on my project and it is reporting a vulnerability on latest webpack package due to a downstream dependency on the module hoek.
Please refer the link from node security: https://nodesecurity.io/advisories/566
Path: webpack >> watchpack@1.4.0>>chokidar@1.7.0>>fsevents@1.1.3>>node-pre-gyp@0.6.39>>hawk>>hoek
This issue was moved from webpack/webpack#6513 by @evilebottnawi. Orginal issue was by @sneharghya.
The text was updated successfully, but these errors were encountered: