Security issue in dependencies

[Adrion]

Security issue in dependencies

ionic-app-scripts requires node-sass 4.7.2
sass/node-sass#2355

ionic-app-scripts
|-node-sass
 |-request
  |-hawk
   |-hoek

Still no upgrades for node-sass, but we have to register the issue here for dependency upgrade.

[peterennis]

@adamdbradley

I see that also, and GitHub is sending out notices.

C:\ae\adaept.com\aeicons>npm ls hoek
[email protected] C:\ae\adaept.com\aeicons
`-- @ionic/[email protected]
  `-- [email protected]
    `-- [email protected]
      `-- [email protected]
        +-- [email protected]
        | `-- [email protected]  deduped
        +-- [email protected]
        `-- [email protected]
          `-- [email protected]  deduped


C:\ae\adaept.com\aeicons>

[peterennis]

This is being addressed at the top level by npm here: https://github.com/npm/npm/releases
Testing the issue here: ionic-team/ionic-framework#14497

[shlomiLan]

What should be the fix for this issue? I have tried running npm audit fix and that found and fixed lots of problem but not this one. When I run npm ls hoek I get:

├─┬ @ionic/[email protected]
│ └─┬ [email protected]
│   └─┬ [email protected]
│     └─┬ [email protected]
│       ├─┬ [email protected]
│       │ └── [email protected] 
│       ├── [email protected] 
│       └─┬ [email protected]
│         └── [email protected] 

I'm using Ionic 3

[peterennis]

The following ionic-team/ionic-framework#14920 is a duplicate of this.

[byzg]

+1