Open wtgtybhertgeghgtwtg opened 7 years ago
Another reason to do this is because npm audit
show the following issue:
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ esformatter [dev] │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ esformatter > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
It'd be great to update debug to a version in the range above.
esformatter
depends ondebug@0.7.4
. It also depends onrocambole-whitespace@1.0.0
, which depends ondebug@2.3.3
. So two versions ofdebug
are packaged withesformatter
. I can create a pull request if you would like.