socket.io-parser > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)

Question

socket.io-parser > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797)

raphael10-collab opened this issue 4 years ago · 1 comments

When installing ipfs :

warning ipfs > ipfs-core > libp2p-webrtc-star > socket.io > socket.io-parser > debug@4.1.1: Debug versions >=3.2.0 <3.2.7 || 
>=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7
or 4.3.1. (https://github.com/visionmedia/debug/issues/797)

O.S.: Ubuntu 18.04.4. Desktop
node: v14.5.0

Answer 1 · 2021-02-15T21:35:06.000Z

This is already fixed I think:

7c380d3 (socket.io-parser@4.0.3)
socketio/socket.io@230cd19 (socket.io@3.0.5).