vadimdemedes / mongorito

🍹 MongoDB ODM for Node.js apps based on Redux
1.38k stars 90 forks source link

Chore/update dependencies #205

Closed adieuadieu closed 6 years ago

adieuadieu commented 6 years ago

This PR updated all the package dependencies to their latest versions, with the exception of the mongodb package for which I've raised a separate PR #206 (because it requires some small code changes.)

The main motivation for this PR was to update the version of mquery used. The version currently used by Mongorito (mquery@1.11.0) uses a version of debug (2.2.0) which contains a regular expression denial of service security issue.

The only breaking change between mquery@1.11.0 and mquery@3.0.0 is that support for node <4 was dropped. However, Mongorito is not affected by this change as, according to the package.json's "engines" section, Mongorito only supports node >= 6. 🎉

/cc @vadimdemedes 😄

adieuadieu commented 6 years ago

Hi @vadimdemedes — Sorry to bug you about this, but it would be great to get this merged to address the NSP Regular Expression Denial of Service issue in the debug module.

How can I help?

vadimdemedes commented 6 years ago

Thanks! Sorry it took so long.