Does bunyan depend on log4j?

[TesterAuto]

I just find log4j in the keywords list of the package.json file: https://github.com/trentm/node-bunyan/blob/master/package.json

Just want to confirm, does bunyan depend on log4j? If yes, will it be affected by the log4j vulnerability?

[mikehardy]

1- pull repo, do full text search for log4j, investigate the results, report back is best course I think 2- I don't think this is even a java project, so I'm not sure exactly how the java log4j library could even show up in here, but let's assume there is a java component to this (for the sake of your logged issue) - ask gradle to print the dependencies (./gradlew dependencies) and route that to a file, then search the file and report back results

[trentm]

Nope, there is no java in here. I'd added 'log4j' as a label on the node package because some of the Bunyan APIs are influenced by my (limited and old) experiences with log4j. Thanks for asking.