A current dependency, hoek version 2.16.1, has a moderate level vulnerability (MAID exploit) listed in the CVE database, which extends to repositories which rely on electron-acrylic as a dependency.
hoek should be updated to at least version 5.0.3 to resolve this issue.
It appears so. Running npm audit throws a wobbly and displays the vulnerability 4 times. I cannot find the files it links to, nor is hoek in my package-lock.json, despite node-gyp being there, and there is no other dependency (other than electron itself) so it cannot be another package causing this. Both GitHub and npm pick up on this.
After cloning the repo and checking the audit, node-gyp has a SECOND moderate vuln from a dependency, stringstream. I have attached the screenshot along with the rest.
This appears to be a known issue on hoek, having multiple issues deal with the exact same thing: hoek showing up as vulnerable, but not found in any files. I will attempt to use the fix provided of installing then removing hoek, then doing an update.
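An added example, not part of the original thread or of electron-acrylic's code: one way to check whether a lockfile contains an installed copy of hoek older than 5.0.3 and which packages declare it as a dependency. The sample lockfile and the package name `example-parent` are constructed for illustration; only the hoek versions come from the issue.

```javascript
// Compare "major.minor.patch" numerically; prerelease tags are ignored (assumption).
function isBelow(version, minimum) {
  const a = version.split('-')[0].split('.').map(Number);
  const b = minimum.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Flatten either lockfile layout into {name, version, location, requires} rows.
function listInstalled(lock) {
  const rows = [];
  if (lock.packages) { // lockfileVersion 2/3: keys like "node_modules/a/node_modules/b"
    for (const [location, meta] of Object.entries(lock.packages)) {
      if (!location) continue; // "" is the root project itself
      const name = location.split('node_modules/').pop();
      const requires = Object.keys(meta.dependencies || {});
      rows.push({ name, version: meta.version, location, requires });
    }
    return rows;
  }
  function walk(deps, prefix) { // lockfileVersion 1: nested "dependencies" maps
    for (const [name, meta] of Object.entries(deps || {})) {
      const location = prefix + 'node_modules/' + name;
      const requires = Object.keys(meta.requires || {});
      rows.push({ name, version: meta.version, location, requires });
      walk(meta.dependencies, location + '/');
    }
  }
  walk(lock.dependencies, '');
  return rows;
}

// Installed copies of `name` older than `minimum`, plus every package requiring `name`.
function findBelow(lock, name, minimum) {
  const rows = listInstalled(lock);
  const requiredBy = rows.filter(r => r.requires.includes(name)).map(r => r.name);
  return rows
    .filter(r => r.name === name && r.version && isBelow(r.version, minimum))
    .map(r => ({ location: r.location, version: r.version, requiredBy }));
}
// Constructed sample (lockfileVersion 1 layout); "example-parent" is hypothetical.
const sampleLock = { dependencies: {
  'example-parent': { version: '1.0.0', requires: { hoek: '2.x.x' },
    dependencies: { hoek: { version: '2.16.1' } } },
  hoek: { version: '5.0.3' },
} };
console.log(findBelow(sampleLock, 'hoek', '5.0.3'));
```

To run it against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` in place of `sampleLock`; an empty result means no installed copy below the given version is recorded in that lockfile.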