Security vulnerability in one of the dependencies
We found a potential security vulnerability in one of your dependencies. A dependency defined in …/src/package-lock.json has known security vulnerabilities and should be updated.
CVE-2018-3728 hoek node module before 5.0.3 or 4.2.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via...
package-lock.json update suggested:
hoek ~> 4.2.1
Always verify the validity and compatibility of suggestions with your codebase.
@msurguy GitHub threw this at me - I am sure this is harmless, but would be great to silence this warning
@gohai I've tracked down the culprit, which is coming from gulp-sass, which requires the node-sass package that uses an outdated dependency. Here are the tickets tracking the update to the new version of that dependency:
https://github.com/dlmanning/gulp-sass/issues/687
https://github.com/dlmanning/gulp-sass/issues/691
https://github.com/sass/node-sass/issues/2355
https://github.com/sass/node-sass/issues/2288
The newer version of node-sass will be released soon as v5, and this issue will go away after gulp-sass uses the newer version of that library. That release progress is tracked in https://github.com/sass/node-sass/pull/2312
Meanwhile I tried updating the dependency manually as described in https://github.com/Microsoft/vscode/issues/48783, but didn't have any luck retaining the changes so far.
Let's wait for the new release of node-sass to fix this issue?
Thanks for looking into this, Maks - agree with your suggestion to wait for node-sass release to drop.
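The tracing step discussed in this thread (working out which direct dependency pulls the flagged hoek version into package-lock.json), as an added example that is not part of the original issue or of any project mentioned in it. It assumes the nested `lockfileVersion` 1 layout and that the direct dependency names are taken from package.json; the sample lock data, its versions, and the names `intermediate-pkg` and `other-tool` are constructed for illustration.

```javascript
// Affected range as quoted in the alert: hoek before 5.0.3 or 4.2.1.
function isVulnerableHoek(version) {
  const [maj, min, pat] = version.split('.').map((n) => parseInt(n, 10));
  const below = (a, b, c) =>
    maj < a || (maj === a && (min < b || (min === b && pat < c)));
  return maj >= 5 ? below(5, 0, 3) : below(4, 2, 1);
}

// Resolve a required name the way the nested lockfileVersion 1 tree implies:
// the innermost "dependencies" map first, then each enclosing one up to the root.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) {
    const deps = scopes[i].dependencies || {};
    if (deps[name]) return { node: deps[name], scopes: scopes.slice(0, i + 1) };
  }
  return null;
}

// Return every chain from a direct dependency down to a vulnerable hoek.
function findHoekPaths(lock, directNames) {
  const found = [];
  const walk = (name, scopes, path) => {
    const hit = resolve(name, scopes);
    if (!hit || path.some((p) => p.startsWith(name + '@'))) return; // absent or cycle
    const here = path.concat(`${name}@${hit.node.version}`);
    if (name === 'hoek' && isVulnerableHoek(hit.node.version)) found.push(here.join(' > '));
    for (const req of Object.keys(hit.node.requires || {})) {
      walk(req, hit.scopes.concat(hit.node), here);
    }
  };
  directNames.forEach((n) => walk(n, [lock], []));
  return found;
}

// Constructed lock data: versions, "intermediate-pkg" and "other-tool" are made up.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'gulp-sass': { version: '0.0.1', requires: { 'node-sass': '^0.0.1' } },
    'node-sass': { version: '0.0.1', requires: { 'intermediate-pkg': '^1.0.0' } },
    'intermediate-pkg': { version: '1.0.0', requires: { hoek: '2.x.x' },
      dependencies: { hoek: { version: '2.16.3' } } },
    hoek: { version: '5.0.3' },
    'other-tool': { version: '1.0.0', requires: { hoek: '^5.0.0' } },
  },
};
console.log(findHoekPaths(sampleLock, ['gulp-sass', 'other-tool']));
```

Only the chain through the nested copy is reported; `other-tool` resolves to the patched root-level hoek, which is why a lock file can hold a fixed and a vulnerable copy at the same time.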