Security vulnerability in dependencies

[felipemarinho97]

the hoek package has a security vulnerability in 2.16.3 version. It's required by one of angular-cli dependencies, specifically, node-sass @4.9.0, as described here angular/angular-cli#10480 (comment) and seen here sass/node-sass#2355 may we will have to wait until angular-cli update its node-sass dep to v5 to see this problem solved.

[felipemarinho97]

Updating @angular-devkit/build-angular to the latest version now fixes the hoek package security vulnerability

[deezone]

Updating to @angular-devkit/build-angular@0.7.2 still produces the warning on Github

$ npm view @angular-devkit/build-angular version
0.7.2
$ npm list @angular-devkit/build-angular
hb-dashboard-a6@0.0.0 /Users/dee/projects/angular/hydrobytes-dashboard/hb-dashboard-a6
└── @angular-devkit/build-angular@0.7.2

[felipemarinho97]

@deezone please run npm ls hoek to see what package is requiring hoek.

[felipemarinho97]

Ok, seems that on node-sass it was fixed, the problem now is because node-gyp still requires request less than 2.87.0.

@angular-devkit/build-angular@0.7.2
  └─┬ node-sass@4.9.2
    └─┬ node-gyp@3.7.0
      └─┬ request@2.81.0
        └─┬ hawk@3.1.3
          ├─┬ boom@2.10.1
          │ └── hoek@2.16.3  deduped
          ├── hoek@2.16.3 
          └─┬ sntp@1.0.9
            └── hoek@2.16.3  deduped

This PR nodejs/node-gyp#1471 will fix the problem on node-gyp .

Thank you for your feedback @deezone