Remove Debug Vulnerability #3
Conversation
|
@may215 very simple change. Would love to hear your thoughts and clear this up |
|
checking back on on this @may215 |
|
@may215 @crobinson42 Can you please run This is a simple fix. |
|
@briveramelo why are you tagging me in your comment? Quit bothersome. |
|
Are you not a contributor of this project? I imagine you are capable of doing what I've asked |
|
@crobinson42 The other reason, of course, is that it has been almost 3 years since I've requested this update, and now there is a 'high' level vulnerability in this dependency. Ultimately, I aim for a vulnerability-free project, and this is the one outstanding dependency. The fix is simple, but there has been no response. I'm tagging you so this gets attention. Accept the merge request. |
|
debug package |
|
@briveramelo You must not understand what a contributor and npm package owner are. I'll educate you: Github Repository ContributorA user who has made a change to a Github repo, ie: PR that is merged into the repo. NPM Package OwnerA user(s) who has control or ownership of the NPM package to publish new package versions to the NPM repository. You obviously found my name in the commit history and if you look at it with a little more diligence other than a lazy shotgun approach you would see I only suggested a Slack badge be added to the README.md. I hope this explanation helps you be less annoying in the future, spread the word.
|
upgrading debug to 2.6.9 to eliminate the RegExp DOS low severity vulnerability per https://www.npmjs.com/advisories/534