Potential security vulnerability in hapijs / hoek

[jtalati]

We are receiving the following vulnerability message:

Our mkdocs version is the latest(Version 0.17.3)

if anyone can guide us or have been through this issue before it would be good help.

This would be a good way for future users who face this issue to interact and find a possible solution for any security vulnerabilities.

[waylan]

I'm not aware that MkDocs makes use of or includes hapijs/hoek.

Are you using any custom JavaScript in your project? Which theme are you using? Where is this being reported from (which browser, tool, etc)?

[waylan]

I asked three questions, but you only answered the first. I need more information to act on this. Is your custom JavaScript making use of the offending library? Are you using a third party theme which is using the offending library? If so, then the matter is out of my hands. But until I can reproduce the problem, I have no way of knowing.

[chriswhong]

Thanks for the response (I work with @jtalati), we will take a look and see what is actually using hoek. We assumed it came with mkdocs but we'll dig deeper based on your response.

[waylan]

What tool is reporting the problem? If I knew that, at the very least I could check if the tool reports the same issue in a default MkDocs build with the included themes.

[waylan]

Closing this due to a lack of useful information. I'm assuming this is related to a third party theme as neither of the included themes make use of the named library.