Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
There is a minor security vulnerability in the module `debug`: https://nodesecurity.io/advisories/534 This was resolved in 2.6.9 and 3.1.0. Debug introduced let/const in v3.2.0, breaking compatibility with node.js v4 and older browsers. This was reverted in 3.2.4, then re-released it in 4.0.0 - see debug-js/debug#603 for context around that. In order avoid the vulnerability without loosing any compatibility, this change locks component-cookie to >= 3.2.4 < 4.0.0. Version `^2.6.9` could alternatively be used if desired. This Fixes component#16, Fixes component#15, and is is part of the fix for matthewmueller/next-cookies#7
- Loading branch information