Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability
amin-kchaou opened this issue ยท comments
amin-kchaou commented
- Versions:
node@v16.20.2, linux@6.2.0-37-generic
nodemon
:3.0.1
Issue
nodemon
uses debug@^3.2.7
which contains the CVE-2017-16137
vulnerability.
The earliest fix for this vulnerability is in debug@4.3.1
. It would be appreciated it you could update nodemon
's debug
to that or higher.
github-actions commented
๐ This issue has been resolved in version 3.0.2 ๐
The release is available on:
Your semantic-release bot ๐ฆ๐