Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

fix(deps): update dependency debug to v4.3.1 [security] #598

Closed
wants to merge 1 commit into from
Closed

fix(deps): update dependency debug to v4.3.1 [security] #598

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 2, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
debug 4.1.1 -> 4.3.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2017-16137

Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter.

As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue.

This was later re-introduced in version v3.2.0, and then repatched in versions 3.2.7 and 4.3.1.

Recommendation

Version 2.x.x: Update to version 2.6.9 or later.
Version 3.1.x: Update to version 3.1.0 or later.
Version 3.2.x: Update to version 3.2.7 or later.
Version 4.x.x: Update to version 4.3.1 or later.

Release Notes

debug-js/debug (debug)

v4.3.1

Compare Source

Patch release 4.3.1

v4.3.0

Compare Source

Minor release

  • Deprecated debugInstance.destroy(). Future major versions will not have this method; please remove it from your codebases as it currently does nothing.
  • Fixed quoted percent sign
  • Fixed memory leak within debug instances that are created dynamically

v4.2.0

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the renovate label Oct 2, 2023
@coveralls
Copy link

Coverage Status

coverage: 32.315%. remained the same when pulling 2562e79 on renovate/npm-debug-vulnerability into 424a858 on master.

@withdave withdave closed this May 28, 2024
@withdave withdave deleted the renovate/npm-debug-vulnerability branch May 28, 2024 19:46
@renovate Renovate
Copy link
Contributor Author

renovate bot commented May 28, 2024

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (4.3.1). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
renovate
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@coveralls @withdave