This repository was archived by the owner on May 1, 2020. It is now read-only.
This repository was archived by the owner on May 1, 2020. It is now read-only.
Update packages security fix #6
Description
Hi,
I am using the blink-diff library which depends on this library and I got vulnerability reported by npm audit:
=== npm audit security report ===
┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ blink-diff │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ blink-diff > preceptor-core > log4js > streamroller > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://npmjs.com/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 324 scanned packages
1 vulnerability requires manual review. See the full report for details
I also have the warning when installing this lib directly.
It seems it is due to the version of log4js you used.
Upgrading the of that library in your package.json might solve the problem.
Thanks,