
Upgrade from vulnerable hoek dependency

Open LinusU opened this issue 7 years ago • 0 comments

This will probably require some work in our dependencies, but it would be very nice if we could get rid of old hoek versions, as they have been marked vulnerable on snyk.

https://snyk.io/vuln/npm:hoek:20180212

While I don't see how this could affect web-ext at all, it will still trigger warnings like this for repositories depending on it:

[Screenshot: screen shot 2018-05-04 at 11 25 52]

This is the dependency graph:

└─┬ [email protected]
  ├─┬ [email protected]
  │ └─┬ [email protected]
  │   └─┬ [email protected]
  │     └─┬ [email protected]
  │       ├─┬ [email protected]
  │       │ └── [email protected]  deduped
  │       ├─┬ [email protected]
  │       │ └─┬ [email protected]
  │       │   └── [email protected]  deduped
  │       ├── [email protected] 
  │       └─┬ [email protected]
  │         └── [email protected]  deduped
  └─┬ [email protected]
    ├─┬ [email protected]
    │ └─┬ [email protected]
    │   ├── [email protected] 
    │   └─┬ [email protected]
    │     └── [email protected] 
    └─┬ [email protected]
      └─┬ [email protected]
        ├─┬ [email protected]
        │ └── [email protected]  deduped
        ├── [email protected] 
        └─┬ [email protected]
          └── [email protected]  deduped

What is the current behavior?

  • Shows warnings

What is the expected or desired behavior?

  • Does not show warnings

Version information (for bug reports)

  • Firefox version: n/a
  • Your OS and version: n/a
  • Paste the output of these commands:
$ node --version && npm --version && web-ext --version
v9.11.1
5.6.0
2.6.0

LinusU, May 04 '18 09:05
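One way to find which direct dependencies pull in an old transitive package, as in the graph above, is to walk the JSON printed by `npm ls --json`. This is an added example, not code from the issue or from web-ext. The package names other than hoek, all version numbers and the `MIN_VERSION` threshold are constructed; take the real fixed version from the advisory.

```javascript
// Compare two plain "x.y.z" versions; anything after "-" is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk a tree shaped like `npm ls --json` output ({version, dependencies})
// and return every path ending in pkgName below minVersion.
function findOldVersions(tree, pkgName, minVersion) {
  const hits = [];
  const walk = (node, name, trail) => {
    const here = trail.concat(`${name}@${node.version || "?"}`);
    if (name === pkgName && node.version &&
        compareVersions(node.version, minVersion) < 0) {
      hits.push({ path: here, version: node.version });
    }
    for (const [depName, dep] of Object.entries(node.dependencies || {})) {
      walk(dep, depName, here);
    }
  };
  walk(tree, tree.name || "(root)", []);
  return hits;
}

// Group hits by the direct dependency (second path element) responsible.
function directCulprits(hits) {
  const out = {};
  for (const h of hits) {
    const direct = h.path[1] || h.path[0];
    (out[direct] = out[direct] || []).push(h.version);
  }
  return out;
}

// Constructed sample in the shape of `npm ls --json`; not real data.
const MIN_VERSION = "5.0.0"; // constructed threshold
const SAMPLE_TREE = { name: "example-app", version: "1.0.0", dependencies: {
  "pkg-a": { version: "1.0.0", dependencies: {
    "pkg-b": { version: "2.0.0", dependencies: { hoek: { version: "1.0.0" } } } } },
  "pkg-c": { version: "3.0.0", dependencies: { hoek: { version: "1.0.0" } } },
  "pkg-e": { version: "1.0.0", dependencies: { hoek: { version: "9.0.0" } } } } };

const sampleHits = findOldVersions(SAMPLE_TREE, "hoek", MIN_VERSION);
for (const h of sampleHits) console.log(h.path.join(" > "));
```

The grouped result from `directCulprits` shows which direct dependencies need an upgrade upstream before the old version disappears from the tree.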