Closed akoskm closed 6 years ago
In addition to this, tiny-lr
is still using debug#v2.6.7
which throws Low Vulnerability issues over at node-security (found here). Maybe we should wait for tiny-lr
to be updated with a (already) patched version of debug
before merging this PR (I created an issue on their repo) or replace tiny-lr
with something else.
Just ran a snyk security test to add to this:
`$ snyk test ✗ High severity vulnerability found on qs@5.1.0
any progress? are there that many changes needed to migrate to current version of tiny-lr
?
The latest versions of
tiny-lr
aren't depending onbody-parser
anymore, can we update it to its latest version?I'm willing to send a pull request but I was wondering if there's a reason behind going with
0.2.1
.