Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Temp fix for reported security vuln #23

Open
eritbh opened this issue Jun 14, 2018 · 0 comments
Open

Temp fix for reported security vuln #23

eritbh opened this issue Jun 14, 2018 · 0 comments
Assignees
@eritbh
Labels
bug security

Comments

@eritbh
Copy link
Collaborator

eritbh commented Jun 14, 2018
edited
Loading

https://nvd.nist.gov/vuln/detail/CVE-2018-3728

$ yarn why hoek
yarn why v1.7.0
[1/4] Why do we have the module "hoek"...?
[2/4] Initialising dependency graph...
[3/4] Finding dependency...
[4/4] Calculating file sizes...
=> Found "[email protected]"
info Reasons this module exists
   - "node-sass#request#hawk" depends on it
   - Hoisted from "node-sass#request#hawk#hoek"
   - Hoisted from "node-sass#request#hawk#boom#hoek"
   - Hoisted from "node-sass#request#hawk#sntp#hoek"
info Disk size without dependencies: "212KB"
info Disk size with unique dependencies: "212KB"
info Disk size with transitive dependencies: "212KB"
info Number of shared dependencies: 0
Done in 1.93s.

sass/node-sass#2355 and sass/node-sass#2312

tl;dr revert d975ff6 when node-sass v5 drops
eritbh added a commit that referenced this issue Jun 14, 2018
@eritbh
Fix hoek dependency vuln (#23)
d975ff6
@eritbh eritbh self-assigned this Jun 14, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eritbh eritbh

Labels
bug security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@eritbh