remy / nodemon

Monitor for any changes in your node.js application and automatically restart the server - perfect for development

Home Page: http://nodemon.io/

Old version of `debug` dependency introduces `CVE-2017-16137` vulnerability

amin-kchaou opened this issue · comments

  • Versions: node@v16.20.2, linux@6.2.0-37-generic
  • nodemon: 3.0.1

Issue

nodemon uses debug@^3.2.7 which contains the CVE-2017-16137 vulnerability.
The earliest fix for this vulnerability is in debug@4.3.1. It would be appreciated if you could update nodemon's debug to that or higher.

🎉 This issue has been resolved in version 3.0.2 🎉

The release is available on:

Your semantic-release bot 📦🚀