Security vulnerability in dependencies

[felipemarinho97]

the hoek package has a security vulnerability in 2.16.3 version. It's required by one of angular-cli dependencies, specifically, node-sass @4.9.0, as described here angular/angular-cli#10480 (comment) and seen here sass/node-sass#2355 may we will have to wait until angular-cli update its node-sass dep to v5 to see this problem solved.

[felipemarinho97]

Updating @angular-devkit/build-angular to the latest version now fixes the hoek package security vulnerability

[deezone]

Updating to @angular-devkit/[email protected] still produces the warning on Github

$ npm view @angular-devkit/build-angular version
0.7.2
$ npm list @angular-devkit/build-angular
[email protected] /Users/dee/projects/angular/hydrobytes-dashboard/hb-dashboard-a6
└── @angular-devkit/[email protected]

[felipemarinho97]

@deezone please run npm ls hoek to see what package is requiring hoek.

[felipemarinho97]

Ok, seems that on node-sass it was fixed, the problem now is because node-gyp still requires request less than 2.87.0.

@angular-devkit/[email protected]
  └─┬ [email protected]
    └─┬ [email protected]
      └─┬ [email protected]
        └─┬ [email protected]
          ├─┬ [email protected]
          │ └── [email protected]  deduped
          ├── [email protected] 
          └─┬ [email protected]
            └── [email protected]  deduped

This PR nodejs/node-gyp#1471 will fix the problem on node-gyp .

Thank you for your feedback @deezone