security vulnerability in dependency tree

nsp caught this and fails our builds – codecov@3.0.0 > request@2.81.0 > hawk@3.1.3 > hoek@2.x.x

I think updating request should fix the issue.

hoek: https://nodesecurity.io/advisories/566
Vulnerable: <= 4.2.0 || >= 5.0.0 < 5.0.3
Patched: > 4.2.0 < 5.0.0 || >= 5.0.3

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 8
  • Comments: 6
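
The kind of transitive-dependency check that failed the build above, as an added example that is not part of the original issue or the codecov project. The function names and the sample tree are assumptions, and `2.16.3` is a constructed stand-in for the `hoek@2.x.x` in the reported chain; the vulnerable range is the one quoted from the advisory.

```javascript
// Added example: walk a constructed dependency tree and report every path
// that ends at a hoek version inside the advisory's vulnerable range.

// Parse "major.minor.patch" into numbers (pre-release tags are not handled).
function parse(v) {
  const parts = v.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error('unsupported version: ' + v);
  }
  return parts;
}

// Three-way compare: negative, zero or positive.
function cmp(a, b) {
  const x = parse(a), y = parse(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] - y[i];
  }
  return 0;
}

// Vulnerable range as quoted in the issue: <= 4.2.0 || >= 5.0.0 < 5.0.3
function hoekVulnerable(v) {
  return cmp(v, '4.2.0') <= 0 || (cmp(v, '5.0.0') >= 0 && cmp(v, '5.0.3') < 0);
}

// Depth-first search; returns paths such as "a@1.0.0 > b@2.0.0 > hoek@x.y.z".
function findVulnerablePaths(node, trail = []) {
  const here = trail.concat(node.name + '@' + node.version);
  const hits = [];
  if (node.name === 'hoek' && hoekVulnerable(node.version)) hits.push(here.join(' > '));
  for (const dep of node.dependencies || []) {
    hits.push(...findVulnerablePaths(dep, here));
  }
  return hits;
}

// Constructed tree mirroring the chain in the issue (hoek version is a stand-in).
const sampleTree = {
  name: 'codecov', version: '3.0.0', dependencies: [
    { name: 'request', version: '2.81.0', dependencies: [
      { name: 'hawk', version: '3.1.3', dependencies: [
        { name: 'hoek', version: '2.16.3' } ] } ] } ] };

console.log(findVulnerablePaths(sampleTree));
```

Reporting the full path rather than just the package name shows which direct dependency has to be upgraded to pull in a patched version.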

Top GitHub Comments

3 reactions
eddiemoore commented, Jul 9, 2018

Thanks for the update. Fixes in 3.0.4

3 reactions
davedoesdev commented, Apr 26, 2018

This is on the @github security alert system now so anyone who owns a project which uses this module anywhere in their dependency tree will be getting alerts.
