
Security vulnerability in one of the dependencies #1

Open
gohai opened this issue May 30, 2018 · 2 comments
gohai commented May 30, 2018

We found a potential security vulnerability in one of your dependencies.
A dependency defined in …/src/package-lock.json has known security vulnerabilities and should be updated.

CVE-2018-3728
hoek node module before 5.0.3 or 4.2.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via...

package-lock.json update suggested:
hoek ~> 4.2.1
Always verify the validity and compatibility of suggestions with your codebase.

@msurguy GitHub threw this at me - I am sure this is harmless, but would be great to silence this warning

msurguy commented Jun 13, 2018

@gohai I've tracked down the culprit, which is coming from gulp-sass, which requires the node-sass package, which uses an outdated dependency. Here are the tickets tracking the update to the new version of that dependency:
dlmanning/gulp-sass#687
dlmanning/gulp-sass#691
sass/node-sass#2355
sass/node-sass#2288

The newer version of node-sass will be released soon as v5, and this issue will go away once gulp-sass uses the newer version of that library. That release progress is tracked in sass/node-sass#2312

Meanwhile I tried updating the dependency manually as described in
microsoft/vscode#48783
but didn't have any luck retaining the changes so far.

Let's wait for the new release of node-sass to fix this issue?
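The chain traced by hand in the comment above (gulp-sass requiring node-sass, which pulls in the flagged hoek) can be found mechanically by walking the lockfile. The following is an added example, not code from this issue or the project; it assumes the lockfileVersion 1 layout npm wrote in 2018, uses a constructed sample lock in place of the real one, and takes hoek's fixed versions from the advisory quoted in the first comment.

```javascript
// Added example, not code from the issue thread or the project it was filed against. Walks a
// package-lock.json (lockfileVersion 1, npm's 2018 format) and lists every path from a direct
// dependency down to a package resolved at a version the advisory covers. sampleLock is a
// constructed, simplified lock mirroring the chain the thread describes (gulp-sass -> node-sass -> ... -> hoek).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'gulp-sass': { version: '4.0.1', requires: { 'node-sass': '^4.8.3' } },
    'node-sass': { version: '4.8.3', requires: { request: '^2.79.0' } },
    request: { version: '2.79.0', requires: { hawk: '~3.1.3' } },
    // hawk keeps its own old hoek under its node_modules, so the hoisted 4.2.1 is not what it loads
    hawk: { version: '3.1.3', requires: { hoek: '2.x.x' }, dependencies: { hoek: { version: '2.16.3' } } },
    hoek: { version: '4.2.1' },
  },
};
// First fixed release per major branch, from the CVE-2018-3728 text quoted in the issue.
const FIXED = { hoek: { 4: '4.2.1', 5: '5.0.3' } };
const parseVersion = (v) => v.split('.').map(Number);
function versionLt(a, b) {
  const [x, y] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i];
  return false;
}
function isVulnerable(name, version) {
  const fixes = FIXED[name];
  if (!fixes) return false;
  const major = parseVersion(version)[0];
  if (major < Math.min(...Object.keys(fixes).map(Number))) return true; // old majors never got a fix
  return fixes[major] !== undefined && versionLt(version, fixes[major]);
}
// npm's lookup rule: the nearest enclosing node_modules directory that holds the name wins.
function resolve(name, scopes) {
  for (let i = scopes.length - 1; i >= 0; i--) if (scopes[i] && scopes[i][name]) return scopes[i][name];
  return null;
}
// directDeps: the names in the project's own package.json (the v1 lock does not flag them itself).
function findVulnerablePaths(lock, directDeps) {
  const hits = [];
  const walk = (name, node, scopes, path, onPath) => {
    const full = [...path, `${name}@${node.version}`];
    if (isVulnerable(name, node.version)) hits.push(full.join(' > '));
    const inner = [...scopes, node.dependencies]; // nested deps shadow outer ones
    for (const dep of Object.keys(node.requires || {})) {
      const child = resolve(dep, inner);
      if (child && !onPath.has(child)) walk(dep, child, inner, full, new Set(onPath).add(child)); // skip cycles
    }
  };
  for (const name of directDeps) if (lock.dependencies[name]) walk(name, lock.dependencies[name], [lock.dependencies], [], new Set());
  return hits;
}
```

Running `findVulnerablePaths(JSON.parse(fs.readFileSync('package-lock.json')), Object.keys(pkg.dependencies))` on a real project prints the full path to each flagged copy, including nested copies that `npm ls` output can make easy to miss.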

gohai commented Jun 13, 2018

Thanks for looking into this, Maks - agree with your suggestion to wait for node-sass release to drop.
