max-mapper / extract-zip

Zip extraction written in pure JavaScript. Extracts a zip into a directory.
BSD 2-Clause "Simplified" License
391 stars 127 forks

Update dependencies #48

Closed Ilshidur closed 6 years ago

Ilshidur commented 7 years ago

Some dependencies need to be updated because of vulnerabilities:

The current extract-zip version is vulnerable to ReDoS exploits because of the debug@2.2.0 package, according to Snyk.

All underlying packages using this version are marked as vulnerable, e.g. with ungit: Known Vulnerabilities.

It would be nice to at least update the debug package to version 2.6.7, where the maintainers fixed the issue.

EDIT: will be solved when the PR https://github.com/maxogden/extract-zip/pull/47 is merged

b4dnewz commented 6 years ago

You can also update to 2.6.9; please do it, it is pretty simple, takes two seconds and will save a lot of tests from failing.

Ilshidur commented 6 years ago

@b4dnewz I am not the author of the PR I linked. I guess @lisong could do it.

b4dnewz commented 6 years ago

Actually @maxogden is the one who can solve this issue, by updating the package.json file.

lisong commented 6 years ago

Maybe the author is CEO now, no time to read GitHub, haha~~

b4dnewz commented 6 years ago

Guys.. I don't want to bore anyone, but how can this be resolved if the author has no time to update the module?

I mean, this package extract-zip is a dependency of phantomjs and the security check complains about the path: phantom@4.0.5 > phantomjs-prebuilt@2.1.15 > extract-zip@1.6.5 > debug@2.2.0

PhantomJS is a big project and both phantom and phantomjs-prebuilt have a lot of dependants and a massive number of downloads per day.


So I assume every one of these projects is vulnerable and possibly is not building correctly, if a security check is made before the tests.
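The dependency path quoted above is the kind of chain a lockfile audit reports: the vulnerable copy of `debug` is not a direct dependency, it is nested four levels down. The following is an added example, not code from extract-zip or from anyone in this thread, showing how to walk a package-lock.json (v1 style nested `dependencies` objects) and list every chain that ends in a package version older than a known fix version. The lock tree, the `findVulnerablePaths` and `compareSemver` helpers, and the second, already-patched `debug@2.6.9` copy are all constructed for illustration; the package versions on the vulnerable chain and the fix version 2.6.7 are the ones named in this thread.

```javascript
// Added example (not part of extract-zip or this issue): walk a package-lock
// style dependency tree and report every path that ends in a vulnerable
// version of a given package.

// Constructed sample lock tree. The nested chain mirrors the path quoted in
// the thread; the top-level debug@2.6.9 copy is an assumption added to show
// that a patched copy elsewhere does not fix the nested one.
const SAMPLE_LOCK = {
  name: 'example-app',
  dependencies: {
    phantom: {
      version: '4.0.5',
      dependencies: {
        'phantomjs-prebuilt': {
          version: '2.1.15',
          dependencies: {
            'extract-zip': {
              version: '1.6.5',
              dependencies: {
                debug: { version: '2.2.0' },
              },
            },
          },
        },
      },
    },
    debug: { version: '2.6.9' },
  },
};

// Compare two "major.minor.patch" strings numerically.
// Returns -1 if a < b, 0 if equal, 1 if a > b. Pre-release tags are ignored.
function compareSemver(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const da = pa[i] || 0;
    const db = pb[i] || 0;
    if (da !== db) return da < db ? -1 : 1;
  }
  return 0;
}

// Depth-first walk over nested "dependencies" objects. Returns one
// "name@version > ... > pkgName@version" string for every copy of pkgName
// whose version is older than fixedIn, so each vulnerable path is visible
// even when a patched copy of the same package exists elsewhere in the tree.
function findVulnerablePaths(lock, pkgName, fixedIn) {
  const hits = [];
  function walk(deps, trail) {
    for (const [name, info] of Object.entries(deps || {})) {
      const chain = [...trail, `${name}@${info.version}`];
      if (name === pkgName && compareSemver(info.version, fixedIn) < 0) {
        hits.push(chain.join(' > '));
      }
      walk(info.dependencies, chain);
    }
  }
  walk(lock.dependencies, []);
  return hits;
}

// Stand-alone usage: audit the constructed tree for debug < 2.6.7.
// Pass a real lockfile path as the first argument to audit it instead.
if (typeof require !== 'undefined' && require.main === module) {
  const lockPath = process.argv[2];
  const lock = lockPath
    ? JSON.parse(require('fs').readFileSync(lockPath, 'utf8'))
    : SAMPLE_LOCK;
  const paths = findVulnerablePaths(lock, 'debug', '2.6.7');
  if (paths.length === 0) {
    console.log('no vulnerable debug copies found');
  } else {
    for (const p of paths) console.log('vulnerable: ' + p);
  }
}
```

The walk reports paths rather than a yes/no answer because the fix for a nested copy lies with the package that declares it (here extract-zip, which is exactly what this issue is asking for); a top-level `npm install debug@2.6.9` would add a patched copy without touching the nested one.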

lisong commented 6 years ago

Read his profile, it says: "recruiters: don't email me. If I don't respond to your PR you should send me a DM on Twitter." You can contact him on Twitter, @b4dnewz.

malept commented 6 years ago

Fixed by https://github.com/maxogden/extract-zip/commit/94b877a54dfaac8ada949cf385afb41fa0102099. Thanks for your patience.

avindra commented 6 years ago

Great job. Thanks @malept :tada: