Filtered format: Vulnerable dependency "hapijs/hoek" #391

Closed
kghbln opened this issue Apr 30, 2018 · 4 comments · Fixed by #442

@kghbln
Member

kghbln commented Apr 30, 2018

Setup

  • SRF version: 2.5.6-alpha / 3.0.0-alpha

Issue

hapijs/hoek as defined in https://github.com/SemanticMediaWiki/SemanticResultFormats/blob/master/formats/filtered/package.json

Known vulnerability found: CVE-2018-3728 - Moderate severity

hoek node module before 5.0.3 or 4.2.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via...


@s7eph4n FYI

@JeroenDeDauw
Member

@s7eph4n would be awesome if you could have a look at this

@s7eph4n
Contributor

s7eph4n commented Oct 12, 2018

As far as I can tell hapijs/hoek is not a dependency (anymore?). See https://github.com/SemanticMediaWiki/SemanticResultFormats/network/dependencies
Unless I missed something I think this issue can be closed.

@kghbln
Member Author

kghbln commented Oct 12, 2018

I still wonder why I get constant warnings about this issue. Even today. Perhaps it is somehow cascading into the main requirements?
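
Added example, not part of the thread or the project's code: one way to check whether an affected hoek copy is still pulled in transitively is to walk the lockfile tree and list both the installed copies and the packages that require hoek. It assumes the npm lockfile v1 layout (nested `dependencies` plus `requires`) and reads the advisory's range as "5.x before 5.0.3, anything older before 4.2.1"; the sample lockfile and every package name other than hoek are constructed.

```javascript
// Parse "major.minor.patch"; pre-release and build suffixes are ignored.
const parse = (v) => (/^(\d+)\.(\d+)\.(\d+)/.exec(v) || []).slice(1).map(Number);

// True when version a sorts before version b (both as [major, minor, patch]).
function before(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i];
  return false;
}

// Assumed reading of "before 5.0.3 or 4.2.1": 5.x is fixed in 5.0.3,
// every older line is fixed in 4.2.1.
function isAffectedHoek(version) {
  const v = parse(version);
  if (v.length !== 3) return true; // unparseable: flag for manual review
  return v[0] >= 5 ? before(v, [5, 0, 3]) : before(v, [4, 2, 1]);
}

// Walk the nested "dependencies" objects of a lockfile (v1 layout assumed).
// affected:   where each affected hoek copy is installed in the tree
// requiredBy: packages whose "requires" map names hoek
function auditHoek(lock) {
  const affected = [];
  const requiredBy = [];
  (function walk(node, trail) {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      const here = [...trail, `${name}@${dep.version}`];
      if (name === 'hoek' && isAffectedHoek(dep.version)) affected.push(here.join(' > '));
      if (dep.requires && 'hoek' in dep.requires) requiredBy.push(here.join(' > '));
      walk(dep, here);
    }
  })(lock, []);
  return { affected, requiredBy };
}

// Constructed sample lockfile; in practice, JSON.parse the project's package-lock.json.
const sampleLock = {
  dependencies: {
    'build-tool': {
      version: '3.9.1',
      dependencies: {
        'helper-lib': { version: '1.2.0', requires: { hoek: '2.x.x' } },
        hoek: { version: '2.16.3' },
      },
    },
    'other-tool': { version: '2.0.0', requires: { hoek: '^5.0.0' } },
    hoek: { version: '5.0.3' },
  },
};

console.log(auditHoek(sampleLock));
```

A hit in `affected` whose name is absent from the top-level `package.json` means the copy arrives through another package, and `requiredBy` shows which one to upgrade.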

@kghbln
Member Author

kghbln commented Oct 12, 2018

> As far as I can tell hapijs/hoek is not a dependency (anymore?)

Affirmative. No it is not. However we have new transgressors:

[image]

s7eph4n added a commit that referenced this issue Oct 12, 2018
* Gulp v4
* Gulp-CLI v2
* TypeScript v3
* vinyl-source-stream v2

Fixes #391

+ 2 minor fixes
@kghbln kghbln modified the milestone: 3.0.1 Feb 22, 2019
kghbln pushed a commit that referenced this issue Feb 22, 2019
* Gulp v4
* Gulp-CLI v2
* TypeScript v3
* vinyl-source-stream v2

Fixes #391

+ 2 minor fixes