Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
security vulnerability? due to old hawk@3.1.3 (and hoek@2.16.3) dependency
See original GitHub issuein our project, snyk recently started complaining that we have a dependency with a known security vulnerability. It complains about hoek@2.16.3 which is required by hawk@3.1.3 which is required by the latest version of node-pre-gyp
the latest version of hoek (version 5.0.3) fixed the vulnerability. But node-pre-gyp has locked the version of hawk to 3.1.3 while the latest version of hawk is 7.0.7. Using such an old version of hawk also uses a very old version of hoek.
Would it be easy to upgrade to the latest version of hawk so we get the latest version of hoek without the vulnerability?
More info about the (low prio) vulnerability in hoek can be found at https://snyk.io/vuln/npm:hoek:20180212
Issue Analytics
- State:
- Created 6 years ago
- Reactions:45
- Comments:10 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@springmeyer any news about dependency updates?
Fixed by merging #347