Vulnerability in hoek lib

[akravch]

Github has sent an automatic vulnerability alert for the repo:

A dependency defined in ClientApp/package-lock.json has known security vulnerabilities and should be updated.

Further details: https://nvd.nist.gov/vuln/detail/CVE-2018-3728

Suggested fix: hoek ~> 5.0.3

Need to find out how the lib can be updated and apply a fix if possible.

[akravch]

The output of npm ls hoek:

`-- @angular/[email protected]
  `-- [email protected]
    `-- [email protected]
      `-- [email protected]
        +-- [email protected]
        | `-- [email protected]  deduped
        +-- [email protected]
        `-- [email protected]
          `-- [email protected]  deduped

[akravch]

There is an issue for that on angular cli backlog: angular/angular-cli#10480
Need to update angular cli once it is resolved.

[pryabov]

Removed blocked tag in the reason that referred issue in Angular CLI was fixed

[akravch]

It's blocked again. Angular CLI has been updated, but now there is s dependency from @angular-devkit:

`-- @angular-devkit/[email protected]
  `-- [email protected]
    `-- [email protected]
      `-- [email protected]
        +-- [email protected]
        | `-- [email protected]  deduped
        +-- [email protected]
        `-- [email protected]
          `-- [email protected]  deduped

Github issue: angular/angular-cli#10827

I guess we'll have to wait for the node-sass to update the request dependency to 2.86...