trentm/node-bunyan

Does bunyan depend on log4j?

TesterAuto opened this issue · 2 comments

I just found log4j in the keywords list of the package.json file:
https://github.com/trentm/node-bunyan/blob/master/package.json

Just want to confirm, does bunyan depend on log4j? If yes, will it be affected by the log4j vulnerability?

1. Pull the repo, do a full-text search for log4j, investigate the results, and report back; that is the best course, I think.
2. I don't think this is even a Java project, so I'm not sure exactly how the Java log4j library could even show up in here, but let's assume there is a Java component to this (for the sake of your logged issue) - ask Gradle to print the dependencies (./gradlew dependencies) and route that to a file, then search the file and report back the results.

Nope, there is no Java in here. I'd added 'log4j' as a label on the node package because some of the Bunyan APIs are influenced by my (limited and old) experiences with log4j. Thanks for asking.
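
Added example, not part of the thread and not code from the bunyan project: a small triage helper that separates a term appearing in package.json metadata (such as `keywords`) from one appearing in a dependency field or in the installed tree recorded by a package-lock.json. The manifest, lockfile, package names and the helper names `classifyTerm` and `isDependencyHit` are constructed for illustration.

```javascript
// Fields that are descriptive labels only; npm never installs anything from them.
const META_FIELDS = ["keywords", "description"];
// Fields that npm resolves into installed packages.
const DEP_FIELDS = ["dependencies", "devDependencies",
                    "optionalDependencies", "peerDependencies"];

// Report where `term` appears: metadata, direct dependency names,
// or package names in the lockfile's installed tree (lockfile v2/v3 layout).
function classifyTerm(manifest, lock, term) {
  const t = term.toLowerCase();
  const hits = { metadata: [], direct: [], installed: [] };
  for (const field of META_FIELDS) {
    const value = manifest[field];
    const text = Array.isArray(value) ? value.join(" ") : String(value || "");
    if (text.toLowerCase().includes(t)) hits.metadata.push(field);
  }
  for (const field of DEP_FIELDS) {
    for (const name of Object.keys(manifest[field] || {})) {
      if (name.toLowerCase().includes(t)) hits.direct.push(`${field}:${name}`);
    }
  }
  // Lockfile "packages" keys are install paths; "" is the root project itself.
  for (const path of Object.keys((lock && lock.packages) || {})) {
    const name = path.split("node_modules/").pop();
    if (name && name.toLowerCase().includes(t)) hits.installed.push(path);
  }
  return hits;
}

// A metadata-only match means the term is a label, not something that gets installed.
function isDependencyHit(hits) {
  return hits.direct.length > 0 || hits.installed.length > 0;
}

// Constructed sample input (not bunyan's real files).
const sampleManifest = {
  name: "example-logger",
  keywords: ["log", "logging", "log4j", "json"],
  optionalDependencies: { "constructed-dep": "^1.0.0" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: { "": {}, "node_modules/constructed-dep": { version: "1.0.2" } },
};

const sampleHits = classifyTerm(sampleManifest, sampleLock, "log4j");
console.log(sampleHits, "dependency hit:", isDependencyHit(sampleHits));
```

A name match in a dependency field is only a lead to investigate further, since the helper does substring matching on package names.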