You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The package-lock.json is being published and includes a reference to an old version of hoek which is considered to be a critical security vulnerability and is flagged as such in github.
Generally this is fixed by using newer version of the request library which no longer has this dependency. But there might be other things webdriverio uses that cause hoek to be included.
My recommendations are to either:
Stop publishing package-lock.json
Go through the dependencies and upgrade anything that is pulling in old hoek.
@natelaws thanks for letting me know. I thought package-lock would be ignored automatically but this was a false assumption since this project has a custom npmignore file.
The problem
The package-lock.json is being published and includes a reference to an old version of
hoek
which is considered to be a critical security vulnerability and is flagged as such in github.Generally this is fixed by using newer version of the
request
library which no longer has this dependency. But there might be other things webdriverio uses that cause hoek to be included.My recommendations are to either:
References:
request
: Replace hawk dependency with a local implemenation request/request#2943I could do either just wondering what the project prefers.
The text was updated successfully, but these errors were encountered: