lock debug to v2.6.9 · component/cookie@0e5efdb

Commit

lock debug to v2.6.9

There is a minor security vulnerability in the module `debug`: https://nodesecurity.io/advisories/534

This was resolved in 2.6.9 and 3.1.0.

Debug introduced let/const in v3.2.0, breaking compatibility with node.js v4 and older browsers. This was reverted in 3.2.4, then re-released it in 4.0.0 - see debug-js/debug#603 for context around that.

In order avoid the vulnerability without loosing any compatibility, this change locks component-cookie to >= 3.2.4 < 4.0.0.

Version `^2.6.9` could alternatively be used if desired.

This Fixes #16, Fixes #15, and is is part of the fix for matthewmueller/next-cookies#7

Loading branch information

nfriedly authored Oct 29, 2018

1 parent ec7d208 commit 0e5efdb

package.json

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -4,7 +4,7 @@
  
      "version": "1.1.4",

      "license": "MIT",

      "dependencies": {

        "debug": "2.2.0"

        "debug": "^3.2.4"

      },

      "devDependencies": {

        "mocha": "*"

0 comments on commit `0e5efdb`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `0e5efdb`

Commit

There are no files selected for viewing

0 comments on commit 0e5efdb

0 comments on commit `0e5efdb`