Closed adieuadieu closed 6 years ago
Hi @vadimdemedes — Sorry to bug you about this, but it would be great to get this merged to address the NSP Regular Expression Denial of Service issue in the debug
module.
How can I help?
Thanks! Sorry it took so long.
This PR updated all the package dependencies to their latest versions, with the exception of the
mongodb
package for which I've raised a separate PR #206 (because it requires some small code changes.)The main motivation for this PR was to update the version of
mquery
used. The version currently used by Mongorito (mquery@1.11.0) uses a version ofdebug
(2.2.0) which contains a regular expression denial of service security issue.The only breaking change between mquery@1.11.0 and mquery@3.0.0 is that support for node <4 was dropped. However, Mongorito is not affected by this change as, according to the
package.json
's "engines" section, Mongorito only supports node >= 6. 🎉/cc @vadimdemedes 😄