incentive-layer

security vulnerability detected in hoek < 5.0.3

Open teutsch opened this issue 6 years ago • 2 comments

It looks like we may need to update package-lock.json. GitHub indicates a known issue in https://github.com/hapijs/hoek and recommends

package-lock.json update suggested: hoek ~> 5.0.3.

teutsch, Apr 26 '18 17:04

It looks like it's a dependency for one of our dependencies, but it isn't clear which one. This issue isn't too big of a deal for us, since none of this JS code gets run in production anyways.

Best solution is to probably update our dependencies, once they come out with a patch.

hswick, Apr 26 '18 17:04

package-lock.json also appears in webasm-solidity, dispute-resolution-layer, and truebit-os. It appears that an update to v5.0.3 is available.

https://github.com/hapijs/hoek/releases

teutsch, Apr 27 '18 01:04
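
One way to answer the "which dependency pulls it in" question raised in the thread, as an added example (not code from the incentive-layer repository): a Node.js walk over a `package-lock.json` that lists every installed copy of hoek, flags those below 5.0.3, and names the packages that require it. It assumes the npm lockfileVersion 1 layout; the sample lockfile and the `pkg-*` names are constructed, and `auditLock` and `cmpVersion` are hypothetical helper names.

```javascript
// Constructed sample in npm lockfileVersion 1 layout; package names other than
// hoek are placeholders. For a real project, load the file instead:
//   const lock = JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8'));
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'pkg-a': { version: '1.2.0', requires: { 'pkg-b': '^3.0.0' } },
    'pkg-b': { version: '3.1.3', requires: { hoek: '2.x.x' } },
    hoek: { version: '2.16.3' },
    'pkg-c': {
      version: '4.0.1',
      requires: { hoek: '^5.0.0' },
      dependencies: { hoek: { version: '5.0.3' } } // nested copy, already fixed
    }
  }
};

// Compare plain x.y.z versions numerically (pre-release tags are ignored).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile tree and report every installed copy of `name` plus the
// packages whose `requires` map pulls it in.
function auditLock(lock, name, fixedVersion) {
  const copies = [];
  const requiredBy = [];
  (function walk(deps, path) {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = path.concat(dep);
      if (dep === name) {
        copies.push({ path: here.join(' > '), version: meta.version,
                      vulnerable: cmpVersion(meta.version, fixedVersion) < 0 });
      }
      if (meta.requires && name in meta.requires) {
        requiredBy.push({ pkg: `${dep}@${meta.version}`, range: meta.requires[name] });
      }
      walk(meta.dependencies, here);
    }
  })(lock.dependencies, []);
  return { copies, requiredBy };
}

console.log(JSON.stringify(auditLock(sampleLock, 'hoek', '5.0.3'), null, 2));
```

A copy flagged `vulnerable` whose requiring package pins an older range (such as `2.x.x` in the sample) cannot be fixed by editing the lockfile alone; the requiring package itself has to be updated.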