Serialport has vulnerabilities
jorgerobles opened this issue · 3 comments
jorgerobles commented
Hi,
I've got a report from github about a package named hoek to be upgraded. https://github.com/LaserWeb/LaserWeb4/network/dependencies
That package goes inside serialport.
cprezzi commented
This message comes from package-lock.json, which would not be built with the correct nodejs version 6. I guess you updated to nodejs 8, which created this package-lock.json.
You could try to delete package-lock.json so it can be created again with a never version of hoek, or go back to nodejs 6.
jorgerobles commented
As far as I see that's just shutting down the alert, but hoek package has
vulnerabilities nevertheless. Will be still there until update the
serialport version.
El mié., 23 may. 2018 13:12, Claudio Prezzi <notifications@github.com>
escribió:
… This message comes from package-lock.json, which would not be built with
the correct nodejs version 6. I guess you updated to nodejs 8, which
created this package-lock.json.
You could try to delete package-lock.json so it can be created again with
a never version of hoek, or go back to nodejs 6.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#59 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABoIYLUP2cLJcbzB2J7Oiv70WJDprxy-ks5t1UQLgaJpZM4UIET3>
.
cprezzi commented
Closed, as we moved to Serialport 6.2.2