Vulnerable dependencies in 1.1.4 #4374
Version 1.1.4 (the latest version as of this writing) has dependencies with known security vulnerabilities. Thank you in advance for looking into this!
Is this a bug report?
Did you try recovering your dependencies?
Which terms did you search for in User Guide?
security, vulnerability, hoek
Steps to Reproduce
Makes sense. Thanks for the quick reply!
For what it's worth, a couple of those vulnerabilities are introduced through
Do you think we're happy this is the case?
I don't know what to suggest to you. We didn't turn these warnings on. Either you did it, or npm did it by default. (I don't know which one is the case.)
We can't fix it without the downstream dependency updating. When this happens, we'll happily cut a patch. You can help too!
I have the same with
Package was updated 3 years ago.
That's right, npm added
In many companies
We’re happy to take a pull request that updates the dependency or switches it. It might be that you’ll need to send it to a few underlying packages.
I don’t personally have the time to work on this right now. Are you willing to help out since it was your company that enabled these checks and is affected by the false positives?