Update hoek to latest version to mitigate moderate vuln

[arek-kwapis]

A current dependency, hoek version 2.16.1, has a moderate level vulnerability (MAID exploit) listed in the CVE database, which extends to repositories which rely on electron-acrylic as a dependency.

hoek should be updated to at least version 5.0.3 to resolve this issue

[23phy]

Is this repo using hoek on of the dependencies?

[arek-kwapis]

It appears so. running npm audit throws a wobbly and displays the vulnerability 4 times. I cannot find the files it links to, nor is hoek in my package-lock.json, despite node-gyp being there, and there is no other dependency (other than electron itself) so it cannot be another package causing this. Both github and npm pick up on this.

After cloning the repo and checking the audit, node-gyp has a SECOND moderate vuln from a dependency, stringstream. I have attached the screenshot along with the rest.

this appears to be a known issue on hoek, having multiple issues deal with the exact same thing: hoek showing up as vulnerable, but not found in any files. I will attempt to use the fix provided of installing then removing hoek, then doing an update

[23phy]

Yep, the issue has been solved.