Skip to content

Commit

Permalink
Require debug ^3.2.4
Browse files Browse the repository at this point in the history
There is a minor security vulnerability in the module `debug`: https://nodesecurity.io/advisories/534

This was resolved in 2.6.9 and 3.1.0.

Debug introduced let/const in v3.2.0, breaking compatibility with node.js v4 and older browsers. This was reverted in 3.2.4, then re-released it in 4.0.0 - see debug-js/debug#603 for context around that.

In order avoid the vulnerability without loosing any compatibility, this change locks component-cookie to >= 3.2.4 < 4.0.0.

Version `^2.6.9` could alternatively be used if desired.

This Fixes component#16, Fixes component#15, and is is part of the fix for matthewmueller/next-cookies#7
  • Loading branch information
nfriedly committed Oct 29, 2018
1 parent ec7d208 commit a7c9f9b
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
"version": "1.1.4",
"license": "MIT",
"dependencies": {
"debug": "2.2.0"
"debug": "^3.2.4"
},
"devDependencies": {
"mocha": "*"
Expand Down

0 comments on commit a7c9f9b

Please sign in to comment.