Skip to content
This repository has been archived by the owner on Jun 14, 2022. It is now read-only.

Fix potential security vulnerabilities #933

Closed
enriquetuya opened this issue Jul 20, 2018 · 2 comments
Closed

Fix potential security vulnerabilities #933

enriquetuya opened this issue Jul 20, 2018 · 2 comments
Assignees
@nerik
Labels
technical
Projects
Mapbox Renderer ready for Production

Comments

@enriquetuya
Copy link
Collaborator

Fix the potential vulnerabilities displayed here: https://github.com/GlobalFishingWatch/map-client/network/dependencies
@enriquetuya enriquetuya added this to To do in Mapbox Renderer ready for Production via automation Jul 20, 2018
@nerik
Copy link
Contributor

nerik commented Jul 22, 2018
edited

This is what npm ls shows for the problematic dependency:

└─┬ node-sass@4.9.2
  └─┬ node-gyp@3.7.0
    └─┬ request@2.81.0
      └─┬ hawk@3.1.3
        ├─┬ boom@2.10.1
        │ └── hoek@2.16.3  deduped
        ├── hoek@2.16.3
        └─┬ sntp@1.0.9
          └── hoek@2.16.3  deduped

hoek is a dependency of node-gyp, which is a dependency of node-sass. We need to wait for this PR to be merged: nodejs/node-gyp#1492, and then for the node-sass people to bump their node-gyp version.

@nerik
Copy link
Contributor

nerik commented Aug 14, 2018

sass/node-sass#2472
d21c71e

@nerik nerik closed this as completed Aug 14, 2018
Mapbox Renderer ready for Production automation moved this from To do to Done Aug 14, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@nerik nerik

Labels
technical
Projects
No open projects
Mapbox Renderer ready for Production
  
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@enriquetuya @nerik