I recently pushed an Angular CLI 5 application to GitHub and it indicated the following:
We found a potential security vulnerability in one of your dependencies.
You should runrm package-lock.json
&& npm update && npm install
, if this still doesn't fix your issue, you can then continue by running npm ls hoek
, which should gave you:
├─┬ fuse-box@3.3.0
│ └─┬ request@2.81.0
│ └─┬ hawk@3.1.3
│ ├─┬ boom@2.10.1
│ │ └── hoek@2.16.3
│ ├── hoek@2.16.3
│ └─┬ sntp@1.0.9
│ └── hoek@2.16.3
└── hoek@5.0.3
Check the version of hawk
against the one on npm hawk, if it doesn't tally, run npm i hawk --save
or npm i hoek@latest --save
, then you should also run: npm i karma@latest --save
, then npm audit
After which I again ran my normal git commands:
git add .
git commit -m 'whatever_message'
git push
Then you can go back to Github, the security vulnerability should be fixed.