RealFaviconGenerator/cli-real-favicon

Update `debug` dependencies for security

Closed this issue · 3 comments

I ran `npm audit` to see if there were any vulnerabilities (the report is below) and it appears the `debug` library is a dep of a dep, and I'm wondering if updating the consuming package will fix it. It's low priority, but I just wanted to raise it to your attention. Thanks for this package and all of your hard work.

```
                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cli-real-favicon [dev]                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ cli-real-favicon > rfg-api > node-rest-client > debug        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://nodesecurity.io/advisories/534                       │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 151 scanned packages
  1 vulnerability requires manual review. See the full report for details.
```

Should be fixed by PR #8.

Pray for a merge and tag soon 🙏

0.0.7 has a clean audit. It was published a minute ago.

found 0 vulnerabilities

Thanks!
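An added example, not part of the original issue or the project's code: after upgrading the consuming package, one way to confirm that no copy of `debug` left in the tree falls outside the "Patched in" range quoted in the audit report. It assumes a `package-lock.json` in the lockfileVersion 1 layout (nested `dependencies`); the function names and the sample lock data are constructed for illustration.

```javascript
// Compare two [major, minor, patch] triples: -1, 0 or 1.
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
};

// Patched range from the audit report: >= 2.6.9 < 3.0.0 || >= 3.1.0
// Prerelease or unparsable versions return false so they get manual review.
function isPatchedDebug(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) return false;
  const v = m.slice(1).map(Number);
  const in2x = cmp(v, [2, 6, 9]) >= 0 && cmp(v, [3, 0, 0]) < 0;
  return in2x || cmp(v, [3, 1, 0]) >= 0;
}

// Walk the lock tree and report every installed copy of `name`, with its
// install location. A hoisted copy and a nested copy can differ in version.
function findPackage(node, name, path = [node.name]) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = path.concat(dep);
    if (dep === name) {
      hits.push({ path: here.join(" > "), version: info.version,
                  patched: isPatchedDebug(info.version) });
    }
    hits.push(...findPackage(info, name, here));
  }
  return hits;
}

// Constructed sample: a patched hoisted copy and an unpatched nested copy.
const sampleLock = {
  name: "cli-real-favicon",
  lockfileVersion: 1,
  dependencies: {
    debug: { version: "3.1.0" },
    "node-rest-client": {
      version: "0.0.0-sample", // placeholder version
      dependencies: { debug: { version: "2.2.0" } },
    },
  },
};

for (const hit of findPackage(sampleLock, "debug")) {
  console.log(`${hit.patched ? "ok  " : "VULN"} ${hit.version} ${hit.path}`);
}
```

Against a real project, replace `sampleLock` with the parsed contents of `package-lock.json`; any line marked `VULN` is a copy that the upgrade did not replace.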