-
Notifications
You must be signed in to change notification settings - Fork 11.9k
Closed
Labels
Description
If hawk, sntp, boom (one package dependency) cryptiles used for angular cli project? It has a security vulnerability for "hoek": "2.16.3" highlighted by github. Can you check the same? Hopefully its not used in any compiler and it might be a minor issue. Github does not mention issue severity.
Versions
OS Ubuntu 17.10 Artful
Angular CLI: 6.0.1
Node: 9.11.1
OS: linux x64
Angular: 6.0.1
... animations, cli, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router, service-worker
Package Version
-----------------------------------------------------------
@ angular-devkit/architect 0.6.1
@ angular-devkit/build-angular 0.6.1
@ angular-devkit/build-optimizer 0.6.1
@ angular-devkit/core 0.6.1
@ angular-devkit/schematics 0.6.1
@ angular/pwa 0.6.1
@ ngtools/webpack 6.0.1
@ schematics/angular 0.6.1
@ schematics/update 0.6.1
rxjs 6.1.0
typescript 2.7.2
webpack 4.6.0
Repro steps
No Steps. CLI dependencies
Observed behavior
NA
Desired behavior
Upgrade packages using hoek to v4.x.x
Mention any other details that might be useful (optional)
NA
Marabyte, matszym, seniko, m67hoff, charnpreetsingh and 16 more