IBM / Ionic-MFP-App

This repository contains instructions to develop a secure, enterprise-grade Ionic/Cordova based hybrid mobile app that connects to CouchDB/Cloudant and ObjectStorage via IBM Mobile Foundation service.
https://developer.ibm.com/patterns/develop-hybrid-mobile-app-with-cloud-native-back-end/
Apache License 2.0

Github warning: We found a potential security vulnerability in one of your dependencies #22

Open shivahr opened 6 years ago

shivahr commented 6 years ago

Following is the information given in Github warning:

We found a potential security vulnerability in one of your dependencies.

A dependency defined in IonicMobileApp/package-lock.json has known security vulnerabilities and should be updated.

Dependencies defined in IonicMobileApp/package-lock.json 500 hapijs / hoek Known security vulnerability in 4.2.0

Known vulnerability found

shivahr commented 6 years ago

Related issues:

shivahr commented 6 years ago
$ npm ls hoek
IonicMobileApp@0.0.1
├─┬ @angular/compiler-cli@5.0.3
│ └─┬ chokidar@1.7.0
│   └─┬ fsevents@1.1.3
│     └─┬ node-pre-gyp@0.6.39
│       └─┬ hawk@3.1.3
│         ├─┬ boom@2.10.1
│         │ └── hoek@2.16.3  deduped
│         ├── hoek@2.16.3 
│         └─┬ sntp@1.0.9
│           └── hoek@2.16.3  deduped
├─┬ @ionic/app-scripts@3.1.5
│ └─┬ node-sass@4.5.3
│   └─┬ request@2.83.0
│     └─┬ hawk@6.0.2
│       ├─┬ boom@4.3.1
│       │ └── hoek@4.2.0  deduped
│       ├─┬ cryptiles@3.1.2
│       │ └─┬ boom@5.2.0
│       │   └── hoek@4.2.0  deduped
│       ├── hoek@4.2.0 
│       └─┬ sntp@2.1.0
│         └── hoek@4.2.0  deduped
└─┬ cordova-plugin-mfp@8.0.2018030105
  └─┬ request@2.74.0
    └─┬ hawk@3.1.3
      ├─┬ boom@2.10.1
      │ └── hoek@2.16.3  deduped
      ├── hoek@2.16.3 
      └─┬ sntp@1.0.9
        └── hoek@2.16.3  deduped

The vulnerable dependency hoek@4.2.0 is pulled in through @ionic/app-scripts@3.1.5.
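
The `npm ls` trace above does by hand what a small script can do against the lockfile: resolve `requires` entries through a lockfileVersion-1 `package-lock.json` (hoisted packages at the root, conflicting versions nested under the package that needs them) and report the direct dependency at the head of every chain that ends in the flagged package. This is an added example, not code from the IBM/Ionic-MFP-App repository; the lock content and the `directDeps` list are constructed to mirror the `npm ls hoek` output in this issue.

```javascript
// Added example for this issue (not code from the IBM/Ionic-MFP-App repo): walk a
// lockfileVersion-1 package-lock.json the way `npm ls` does and report which direct
// dependency pulls in a flagged transitive package (here hoek@4.2.0). Inputs are
// constructed, trimmed to the branches shown in the `npm ls hoek` output above.
const directDeps = ["cordova-plugin-mfp", "@ionic/app-scripts"]; // normally read from package.json
const sampleLock = { lockfileVersion: 1, dependencies: { // hoisted at root, conflicts nested
  "@ionic/app-scripts": { version: "3.1.5", requires: { "node-sass": "4.5.3" } },
  "node-sass": { version: "4.5.3", requires: { request: "2.83.0" } },
  request: { version: "2.83.0", requires: { hawk: "~6.0.0" } },
  hawk: { version: "6.0.2", requires: { hoek: "4.x.x" } },
  hoek: { version: "4.2.0" },
  "cordova-plugin-mfp": { version: "8.0.2018030105", requires: { request: "2.74.0" },
    dependencies: {
      request: { version: "2.74.0", requires: { hawk: "~3.1.3" } },
      hawk: { version: "3.1.3", requires: { hoek: "2.x.x" } },
      hoek: { version: "2.16.3" },
    } },
} };

// Look a name up in the `dependencies` maps from the innermost scope outward (node_modules
// resolution); return the node and the scope it was found in, so its own deps nest under it.
function resolve(name, scope) {
  for (let i = scope.length - 1; i >= 0; i--) {
    const deps = scope[i].dependencies;
    if (deps && deps[name]) return { node: deps[name], scope: scope.slice(0, i + 1) };
  }
  return null;
}

// Every chain "direct@v > ... > target@v" whose final version isVuln() reports true;
// chain[0] is the direct dependency that has to be upgraded or replaced.
function findVulnerablePaths(directDeps, lock, target, isVuln) {
  const hits = [];
  function walk(name, node, scope, trail) {
    const label = `${name}@${node.version}`;
    if (trail.includes(label)) return; // guard against dependency cycles
    const chain = trail.concat(label);
    if (name === target) { if (isVuln(node.version)) hits.push(chain); return; }
    for (const dep of Object.keys(node.requires || {})) {
      const found = resolve(dep, scope.concat(node));
      if (found) walk(dep, found.node, found.scope, chain);
    }
  }
  for (const name of directDeps) {
    const found = resolve(name, [lock]);
    if (found) walk(name, found.node, found.scope, []);
  }
  return hits;
}
// Flag the exact version named in the GitHub warning.
console.log(findVulnerablePaths(directDeps, sampleLock, "hoek", (v) => v === "4.2.0"));
```

Only the `@ionic/app-scripts` chain is reported, matching the conclusion above; the `cordova-plugin-mfp` branch resolves to the nested hoek@2.16.3 and is left out.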

CyberBLN commented 6 years ago

https://github.com/ionic-team/ionic-app-scripts/pull/1493 will fix this