cli icon indicating copy to clipboard operation
cli copied to clipboard

Published 20 hours ago verified publisher icon snyk

[Snyk-dev] Security upgrade debug from 1.0.5 to 2.6.9

Open snyk-bot opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • test/fixtures/basic-npm/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
low severity 399/1000
Why? Has a fix available, CVSS 3.7		 Regular Expression Denial of Service (ReDoS)
npm:debug:20170905		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: debug The new version differs by 210 commits.
  • 13abeae Release 2.6.9
  • f53962e remove ReDoS regexp in %o formatter (#504)
  • 52e1f21 Release 2.6.8
  • 2482e08 Check for undefined on browser globals (#462)
  • 6bb07f7 release 2.6.7
  • 15850cb Fix Regular Expression Denial of Service (ReDoS)
  • 4a6c85c update "debug" to v1.0.0 (#454)
  • b68dbf8 Fix typo (#455)
  • 1351d2f Inline extend function in node implementation (#452)
  • c211947 update version for component
  • 14df14c release 2.6.5
  • cae07b7 cleanup browser tests and fix null reference check on window.documentElement.style.WebkitAppearance (#447)
  • f311b10 release 2.6.4
  • 1f01b70 Fix bug that would occure if process.env.DEBUG is a non-string value. (#444)
  • 2f3ebf4 Update CHANGELOG.md
  • f5ae332 Update CHANGELOG.md
  • 9742c5f chore(): ignore bower.json in npm installations. (#437)
  • 27d93a3 update "debug" to v0.7.3
  • 9dc30f8 release 2.6.3
  • 0fb8ea4 LocalStorage returns undefined for any key not present (#431)
  • ce4d93e changelog fix
  • 017a9d6 release 2.6.2
  • 23bc780 fix DEBUG_MAX_ARRAY_LENGTH
  • 065cbfb Add backers and sponsors from Open Collective (#422)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

snyk-bot avatar Jul 27 '22 18:07 snyk-bot