
Upgrade needed for packages with dependencies of "hoek": "2.16.3" Security issue as marked by github #10827

@ganeshkbhat

Description

Are hawk, sntp, boom (one package dependency), and cryptiles used for the Angular CLI project? It has a security vulnerability for "hoek": "2.16.3" highlighted by GitHub. Can you check the same? Hopefully it's not used in any compiler and it might be a minor issue. GitHub does not mention issue severity.

Versions

OS Ubuntu 17.10 Artful

Angular CLI: 6.0.1
Node: 9.11.1
OS: linux x64
Angular: 6.0.1
... animations, cli, common, compiler, compiler-cli, core, forms
... http, language-service, platform-browser
... platform-browser-dynamic, router, service-worker

Package                           Version
-----------------------------------------------------------
@angular-devkit/architect         0.6.1
@angular-devkit/build-angular     0.6.1
@angular-devkit/build-optimizer   0.6.1
@angular-devkit/core              0.6.1
@angular-devkit/schematics        0.6.1
@angular/pwa                      0.6.1
@ngtools/webpack                  6.0.1
@schematics/angular               0.6.1
@schematics/update                0.6.1
rxjs                              6.1.0
typescript                        2.7.2
webpack                           4.6.0

Repro steps

No Steps. CLI dependencies

Observed behavior

NA

Desired behavior

Upgrade packages using hoek to v4.x.x

Mention any other details that might be useful (optional)

NA
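
The question raised in this issue (which installed packages pull in hoek, and at which version) can be answered by walking the dependency tree recorded in `package-lock.json`. The following is an added example, not part of the original issue or of the Angular CLI code base; it assumes the lockfileVersion 1 layout, and the function names `findDependents` and `belowMajor`, the package `example-lib` and the sample lockfile are constructed for illustration.

```javascript
'use strict';

// Constructed sample in the package-lock.json lockfileVersion 1 layout. Only
// hoek 2.16.3 comes from the issue; all other versions and ranges are placeholders.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    hawk: { version: '0.0.0-placeholder',
            requires: { boom: '2.x.x', cryptiles: '2.x.x', hoek: '2.x.x', sntp: '1.x.x' } },
    boom: { version: '0.0.0-placeholder', requires: { hoek: '2.x.x' } },
    cryptiles: { version: '0.0.0-placeholder', requires: { boom: '2.x.x' } },
    sntp: { version: '0.0.0-placeholder', requires: { hoek: '2.x.x' } },
    hoek: { version: '2.16.3' },
    'example-lib': { version: '0.0.0-placeholder', requires: { hoek: '4.x.x' },
                     dependencies: { hoek: { version: '4.0.0' } } },
  },
};

// List every package that requires `target`, with the version that requirement
// resolves to: the package's own nested copy first, then each enclosing level.
function findDependents(lock, target) {
  const hits = [];
  function visit(deps, outerScopes, path) {
    const scopes = outerScopes.concat([deps]);
    for (const [name, entry] of Object.entries(deps)) {
      const here = path.concat(name);
      const nested = entry.dependencies || {};
      if (entry.requires && target in entry.requires) {
        const scope = scopes.concat([nested]).reverse().find((s) => target in s);
        hits.push({ dependent: here.join(' > '), range: entry.requires[target],
                    resolved: scope ? scope[target].version : null });
      }
      visit(nested, scopes, here);
    }
  }
  visit(lock.dependencies || {}, [], []);
  return hits;
}

// Keep only dependents whose resolved copy is below the wanted major version.
function belowMajor(hits, minMajor) {
  return hits.filter((h) => h.resolved !== null &&
                            parseInt(h.resolved.split('.')[0], 10) < minMajor);
}

console.log(belowMajor(findDependents(sampleLock, 'hoek'), 4));
```

`npm ls hoek` prints the same dependency paths from an installed tree; the walker above works from the lockfile alone.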
