This repository has been archived by the owner on Jan 10, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 113
security vulnerability in dependency tree #88
Comments
This is on the @github security alert system now so anyone who owns a project which uses this module anywhere in their dependency tree will being getting alerts. |
All updated and released in v3.0.1 |
@eddiemoore thanks |
Note that @github alerts are erroneously saying that hoek@4.2.1 has a vulnerability but it does not (fix was backported to that version: hapijs/hoek#230) - so codecov-node is fine |
Comandeer
added a commit
to Comandeer/rollup-plugin-babel-minify
that referenced
this issue
May 3, 2018
Version 3.0.3 reintroduces the vulnerability. See my comment here. |
Merged
Thanks for the update. Fixes in 3.0.4 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
nsp caught this and fails our builds --
codecov@3.0.0
>request@2.81.0
>hawk@3.1.3
>hoek@2.x.x
I think updating
request
should fix the issue.hoek
:https://nodesecurity.io/advisories/566
Vulnerable <= 4.2.0 || >= 5.0.0 < 5.0.3
Patched > 4.2.0 < 5.0.0 || >= 5.0.3
The text was updated successfully, but these errors were encountered: