cypress-io / xvfb

Easily start and stop an X Virtual Frame Buffer from your node apps

Debug dependency vulnerability

scotty6435 opened this issue

debug@3.2.7 has a known vulnerability according to our security scanner:
"In NPM debug, the enable function accepts a regular expression from user input without escaping it. Arbitrary regular expressions could be injected to cause a Denial of Service attack on the user's browser, otherwise known as a ReDoS (Regular Expression Denial of Service). This is a different issue than CVE-2017-16137."

The dependencies have been updated but there has been no release since 2018 - will this be released any time soon to allow us to resolve this issue or is this blocked behind a larger piece of work?

Please ignore, even the latest release is vulnerable
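
An added example, not code from debug or xvfb and not part of the issue above: one way to honor a user-supplied namespace list without ever compiling it into a regular expression, so regex metacharacters in the input match only themselves and `*` is the sole wildcard. The function names, the `-` exclusion prefix handling and the 256-character cap are assumptions made for illustration.

```javascript
// Assumed limit on the length of a user-supplied namespace list.
const MAX_SPEC_LENGTH = 256;

// Match `text` against `pattern` where only "*" is special (any run of chars).
// No RegExp is built from input; worst case is O(pattern * text) steps,
// so there is no exponential backtracking to trigger.
function globMatch(pattern, text) {
  let p = 0, t = 0, star = -1, mark = 0;
  while (t < text.length) {
    if (p < pattern.length && pattern[p] === '*') {
      star = p++;          // remember the wildcard position
      mark = t;            // and where in the text it started matching
    } else if (p < pattern.length && pattern[p] === text[t]) {
      p++; t++;            // literal character, including ( ) + | . etc.
    } else if (star !== -1) {
      p = star + 1;        // let the last "*" absorb one more character
      t = ++mark;
    } else {
      return false;
    }
  }
  while (p < pattern.length && pattern[p] === '*') p++;
  return p === pattern.length;
}

// Decide whether `name` is enabled by a comma/space separated list such as
// "app:*,-app:noisy". Entries starting with "-" exclude and always win.
function isEnabled(spec, name) {
  if (typeof spec !== 'string' || spec.length > MAX_SPEC_LENGTH) return false;
  let enabled = false;
  for (const entry of spec.split(/[\s,]+/)) {   // fixed separator pattern only
    if (!entry) continue;
    if (entry[0] === '-') {
      if (entry.length > 1 && globMatch(entry.slice(1), name)) return false;
    } else if (globMatch(entry, name)) {
      enabled = true;
    }
  }
  return enabled;
}

// Constructed sample input: metacharacters are treated as plain text.
console.log(isEnabled('app:*,-app:noisy', 'app:db'));   // true
console.log(isEnabled('worker.(a|b)', 'worker.a'));     // false
```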