[ https://issues.apache.org/jira/browse/GRIFFIN-168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16513498#comment-16513498 ]
ASF GitHub Bot commented on GRIFFIN-168: ---------------------------------------- GitHub user alexatapache opened a pull request: https://github.com/apache/incubator-griffin/pull/307 remove package-lock.json and ignore it To fix the problem mentioned in GRIFFIN-168 You can merge this pull request into a Git repository by running: $ git pull https://github.com/alexatapache/incubator-griffin master Alternatively you can review and apply these changes as the patch at: https://github.com/apache/incubator-griffin/pull/307.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #307 ---- commit ecf53d068819bbb12ea4088e984a7586b24700dc Author: Alex Lv <alexlv@...> Date: 2018-06-15T07:24:52Z remove package-lock.json and ignore it ---- > moderate severity security vulnerability detected in hoek < 4.2.1 > ------------------------------------------------------------------ > > Key: GRIFFIN-168 > URL: https://issues.apache.org/jira/browse/GRIFFIN-168 > Project: Griffin (Incubating) > Issue Type: Bug > Reporter: Alex Lv > Assignee: Alex Lv > Priority: Major > > We found a potential security vulnerabilty in one of your dependencies > |[{color:#0366d6}!https://assets-cdn.github.com/images/modules/logos_page/GitHub-Logo.png|width=76,height=21!{color}|https://github.com/]|[{color:#24292e}Sign > in{color}|https://github.com/login]| > *asfsecurity,* > > We found a potential security vulnerability in a repository for which you > have been granted security alert access. > |!https://avatars3.githubusercontent.com/u/47359?s=56&v=4|width=28,height=28!|[{color:#0366d6}*apache/incubator-griffin*{color}|https://github.com/apache/incubator-griffin]| > | > |Known *moderate severity* security vulnerability detected in *hoek < 4.2.1* > defined > in[*package-lock.json*|https://github.com/apache/incubator-griffin/blob/master/ui/angular/package-lock.json].| > |[*package-lock.json*|https://github.com/apache/incubator-griffin/blob/master/ui/angular/package-lock.json] > update suggested: *hoek ~> 4.2.1*.| > |{color:#6a737d}_Always verify the validity and compatibility of suggestions > with your codebase._{color}| > | -- This message was sent by Atlassian JIRA (v7.6.3#76005)