Closed amin-kchaou closed 10 months ago
node@v16.20.2, linux@6.2.0-37-generic
nodemon
3.0.1
nodemon uses debug@^3.2.7 which contains the CVE-2017-16137 vulnerability. The earliest fix for this vulnerability is in debug@4.3.1. It would be appreciated it you could update nodemon's debug to that or higher.
debug@^3.2.7
CVE-2017-16137
debug@4.3.1
debug
:tada: This issue has been resolved in version 3.0.2 :tada:
The release is available on:
Your semantic-release bot :package::rocket:
node@v16.20.2, linux@6.2.0-37-generic
nodemon
:3.0.1
Issue
nodemon
usesdebug@^3.2.7
which contains theCVE-2017-16137
vulnerability. The earliest fix for this vulnerability is indebug@4.3.1
. It would be appreciated it you could updatenodemon
'sdebug
to that or higher.