hoek dependency potential security vulnerability

[epicserve]

Github sent me the message:
We found a potential security vulnerability in one of your dependencies.
A dependency defined in ./package-lock.json has known security vulnerabilities and should be updated.

When I click on the details it say:

When I looked at what package is dependent on hoek I found this.

# npm ls hoek
/code
└─┬ gulp-sass@4.0.1
  └─┬ node-sass@4.9.0
    └─┬ request@2.79.0
      └─┬ hawk@3.1.3
        ├─┬ boom@2.10.1
        │ └── hoek@2.16.3  deduped
        ├── hoek@2.16.3
        └─┬ sntp@1.0.9
          └── hoek@2.16.3  deduped

[justlevine]

Confirmed.

Seemingly, node-sass is waiting for the v5 release to fix this: sass/node-sass#2288

[theenoahmason]

Confirmed as well.

@justlevine this is also an issue @ node-sass repo, but with all the other tickets consolidated:
sass/node-sass#2355

[georgemeehan]

Is there a way to update this manually?

[tjkohli]

@dlmanning any updates? We're happy to help.

[PRElias]

Waiting for an update on this too

[bra1n]

While we're all waiting for node-sass@v5, you could temporarily fix this issue by requiring a specific node-sass version from GitHub: sass/node-sass#2355 (comment)
"node-sass": "git+https://github.com/sass/node-sass.git#v4.7.0"