-
Notifications
You must be signed in to change notification settings - Fork 579
-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Known vulnerability in hoek module used #4220
Comments
The fix was back ported from 5.0.3 to 4.2.1 FYI. |
The request package depends on it, and is in the process of updating their dependency. |
Figured. It’s a recently known vulnerability (3/30/18).
|
Issue tracked in the dependent package. |
Why close this now? Why not close when the dependent package is incorporated into pxt-core? How is this now being tracked? |
Admin pages of github has list of vulnerability for that repo only visible to administrator. We don’t need to track this as a issue. |
Looks like the hoek vulnerability alert was a mistake on Github's part. hoek v4 is fine. see hapijs/hoek#247 (comment) for more details |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Known vulnerability in used module.
CVE-2018-3728
Moderate severity
hoek node module before 5.0.3 or 4.2.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via...
package-lock.json update suggested:
hoek ~> 5.0.3
The text was updated successfully, but these errors were encountered: