TrueBitFoundation / incentive-layer

[DEPRECATED] Incentive layer contracts and deployment information.

security vulnerability detected in hoek < 5.0.3 #70

Open teutsch opened 6 years ago

teutsch commented 6 years ago

It looks like we may need to update package-lock.json. GitHub indicates a known issue in https://github.com/hapijs/hoek and recommends:

package-lock.json update suggested: hoek ~> 5.0.3.

hswick commented 6 years ago

It looks like it's a dependency for one of our dependencies, but it isn't clear which one. This issue isn't too big of a deal for us, since none of this JS code gets run in production anyways.

Best solution is to probably update our dependencies, once they come out with a patch.

teutsch commented 6 years ago

package-lock.json also appears in webasm-solidity, dispute-resolution-layer, and truebit-os. It appears that an update to v5.0.3 is available.

https://github.com/hapijs/hoek/releases
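
The thread leaves open which dependency pulls in hoek. The following is an added example, not part of the issue thread or the project's code: it walks a `package-lock.json` tree and reports every package that requires hoek and resolves to a copy older than 5.0.3. It assumes the npm `lockfileVersion` 1 layout (nested `dependencies` plus `requires` maps); `findOutdated`, `lessThan` and the `pkg-*` entries in the sample lockfile are constructed for illustration.

```javascript
'use strict';

// Compare two "major.minor.patch" strings numerically (pre-release tags ignored).
function lessThan(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) < (pb[i] || 0);
  }
  return false;
}

// For every package whose "requires" names `target`, resolve the copy it
// actually loads (its own nested copy first, then each enclosing level up to
// the root, as Node's module lookup does) and report it if older than `fixed`.
function findOutdated(lock, target, fixed) {
  const hits = [];
  const walk = (node, path, scopes) => {
    for (const [name, entry] of Object.entries(node.dependencies || {})) {
      const here = path.concat(name);
      const inner = [entry.dependencies || {}, ...scopes];
      if (entry.requires && target in entry.requires) {
        const found = inner.find((scope) => target in scope);
        if (found && lessThan(found[target].version, fixed)) {
          hits.push({ requiredBy: here.join(' > '),
                      range: entry.requires[target],
                      installed: found[target].version });
        }
      }
      walk(entry, here, inner);
    }
  };
  walk(lock, [], [lock.dependencies || {}]);
  return hits;
}

// Constructed sample lockfile: pkg-a nests its own hoek, pkg-b uses the
// hoisted root copy, pkg-c already resolves to the fixed release.
const sampleLock = { lockfileVersion: 1, dependencies: {
  'pkg-a': { version: '1.0.0', requires: { hoek: '2.x.x' },
             dependencies: { hoek: { version: '2.16.3' } } },
  'pkg-b': { version: '3.1.0', requires: { hoek: '4.x.x' } },
  'pkg-c': { version: '2.0.0', requires: { hoek: '5.x.x' },
             dependencies: { hoek: { version: '5.0.3' } } },
  hoek: { version: '4.2.0' },
} };

console.table(findOutdated(sampleLock, 'hoek', '5.0.3'));
```

To check a real repository, pass the parsed contents of its `package-lock.json` in place of `sampleLock`; the `requiredBy` path names the dependency that has to be upgraded before the lockfile can resolve hoek to 5.0.3.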