Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Security: Upgrade boom and hawk to fix hoek

See original GitHub issue

Versions

v1.7.4

Repro steps

CLI currently uses old Boom and Hawk dependencies, which loads an old version of Hoek which is vulnerable.

Desired behavior

Upgrade to latest Boom and Hawk.

Issue Analytics

State:
Created 5 years ago
Reactions:32
Comments:24 (1 by maintainers)

Top GitHub Comments

14reactions

adambkaplancommented, May 25, 2018

Potential regression - vulnerable lib still installed with @angular/cli@^6.0.3 running ng new-app

11reactions

Goluxascommented, Jun 14, 2018

GitHub’s automated vulnerability checking is now finding and reporting this, both by email and on the repository page. Please reopen.

Top Results From Across the Web

How to get rid of the 'hoek' vulnerabilities - Stack Overflow

I really want to fix the security issues. How do I get rid of the pesky 'hoek' vulnerabilities? node.js · angular · github...

Karma npm - Vulnerabilities & Security Analysis - Snyk

Find out if karma has security vulnerabilities that can threaten your software project, ... Remediation. Upgrade hoek to versions 4.2.1, 5.0.3 or higher....

Npm WARN when building for production - Meteor forums

When I build my meteor app for production, I see the following npm warnings… npm WARN deprecated hawk@3.1.3: This module moved to @hapi/hawk...

Github – Proper way to fix potential security vulnerability in a ...

( rm package-lock.json is only if it exists.) Edit: In yet a 3rd app, I checked npm outdated and found I had to...

Unable to use DOMO CLI (App Dev Studio) — Dojo Community

Please upgrade to the latest version to get the best features, bug fixes, and security patches. If you are unable to upgrade at...