
I have a warning showing an **Insufficient Entropy** error for hapi@16.6.2.

Module: cryptiles
Published: November 1st 2018
Reported by: Microsoft Vulnerability Research
CWE-331
CVE-2018-1000620
Vulnerable: >=3.1.0 <3.1.3 || >=4.0.0 <4.1.2
Patched: >=3.1.3 <4.0.0 || >=4.1.2
CVSS: 2

In the latest version of hapi (>16.6.2), the cryptiles dependency is removed. But the hapi major version is not compatible with the old version.

How can I resolve this vulnerability warning by updating the specific subpackage versions? Or is there any other approach? npm audit was not able to fix my problem.

I have tried running npm audit fix, but it could not resolve this issue.

Chetan Gawai
Zakir saifi
    For those who stumbled upon this question: it is not a good practice to update only specific packages within a library. It is better to raise an issue in the respective repository in whose dependency you have the vulnerability. – Zakir saifi Mar 24 '20 at 12:33
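
Added example (not part of the original question and not hapi or cryptiles code): a check that reports which `cryptiles` entries in an npm lockfile tree fall inside the vulnerable ranges quoted in the advisory above. The lockfile-v1 tree shape, the function names and the sample tree (including `example-lib`) are assumptions constructed for illustration.

```javascript
// Vulnerable ranges copied from the advisory text on this page:
//   >=3.1.0 <3.1.3 || >=4.0.0 <4.1.2   (min inclusive, max exclusive)
const VULNERABLE = [
  { min: [3, 1, 0], max: [3, 1, 3] },
  { min: [4, 0, 0], max: [4, 1, 2] },
];

// Parse "major.minor.patch". Pre-release/build suffixes are ignored,
// which is a simplification of full semver ordering.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable versions are not matched
  return VULNERABLE.some(r => compare(v, r.min) >= 0 && compare(v, r.max) < 0);
}

// Walk a lockfile-v1 style tree: { dependencies: { name: { version, dependencies } } }
// and return the dependency path of every vulnerable copy of `target`.
function findVulnerable(node, target = 'cryptiles', path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = path.concat(`${name}@${dep.version}`);
    if (name === target && isVulnerable(dep.version)) hits.push(here.join(' > '));
    hits.push(...findVulnerable(dep, target, here));
  }
  return hits;
}

// Constructed sample tree (not hapi's real dependency tree).
const sampleLock = {
  dependencies: {
    hapi: { version: '16.6.2', dependencies: { cryptiles: { version: '3.1.2' } } },
    'example-lib': { version: '1.0.0', dependencies: { cryptiles: { version: '4.1.2' } } },
    cryptiles: { version: '3.1.3' },
  },
};

console.log(findVulnerable(sampleLock));
```

To use it on a real project, pass the parsed contents of `package-lock.json` in place of `sampleLock`; each reported path shows which parent still pins a vulnerable copy.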

0 Answers