Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] Dependency has a security issue #1906

Closed
paul-marechal opened this issue May 15, 2018 · 4 comments
Closed

[security] Dependency has a security issue #1906

paul-marechal opened this issue May 15, 2018 · 4 comments
Labels
quality issues related to code and application quality

Comments

@paul-marechal
Copy link
Member

paul-marechal commented May 15, 2018
edited

https://nvd.nist.gov/vuln/detail/CVE-2018-3728

This issue concerns the hoek nodejs package, that we are using indirectly via subdependencies.

It seems like in our case, less@2.7.3 is at the root of the problem, from @theia/application-manager.

Should we bump this package version and try to get a more up-to-date hoek version this way ?

Are there other places where we would depend on hoek < 4.x.x ?
@paul-marechal
Copy link
Member Author

@svenefftinge @akosyakov @akosyakov @marcdumais-work

@paul-marechal
Copy link
Member Author

paul-marechal commented May 15, 2018
edited

yarnpkg/yarn#5808 this would help diagnosing Theia's yarn.lock.

@paul-marechal paul-marechal added the quality issues related to code and application quality label May 15, 2018
@paul-marechal paul-marechal mentioned this issue May 15, 2018
Merged
@kittaakos
Copy link
Contributor

@marechal-p, can we close this?

@marcdumais-work
Copy link
Contributor

I think so, yes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
quality issues related to code and application quality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kittaakos @paul-marechal @marcdumais-work