This repository has been archived by the owner on Jan 10, 2023. It is now read-only.
security vulnerability in dependency tree #88
Assignees
Comments
|
This is on the @github security alert system now so anyone who owns a project which uses this module anywhere in their dependency tree will being getting alerts. |
|
All updated and released in v3.0.1 |
|
@eddiemoore thanks |
|
Note that @github alerts are erroneously saying that hoek@4.2.1 has a vulnerability but it does not (fix was backported to that version: hapijs/hoek#230) - so codecov-node is fine |
Comandeer
added a commit
to Comandeer/rollup-plugin-babel-minify
that referenced
this issue
May 3, 2018
|
Version 3.0.3 reintroduces the vulnerability. See my comment here. |
Merged
|
Thanks for the update. Fixes in 3.0.4 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
nsp caught this and fails our builds --
codecov@3.0.0>request@2.81.0>hawk@3.1.3>hoek@2.x.xI think updating
requestshould fix the issue.hoek:https://nodesecurity.io/advisories/566
Vulnerable <= 4.2.0 || >= 5.0.0 < 5.0.3
Patched > 4.2.0 < 5.0.0 || >= 5.0.3
The text was updated successfully, but these errors were encountered: