From afaddb92fa3fa5ac53e837cb550e20b22bf96cbe Mon Sep 17 00:00:00 2001
From: Jamie Birch <14055146+shirakaba@users.noreply.github.com>
Date: Mon, 16 Jul 2018 18:13:21 +0100
Subject: [PATCH] Patch for RegEx DoS exploit From https://nodesecurity.io/advisories/534 : OVERVIEW Affected versions of debug are vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. REMEDIATION Version 2.x.x: Update to version 2.6.9 or later. Version 3.x.x: Update to version 3.1.0 or later.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index aa2dc9f..c9b2687 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 },
 "dependencies": {
 "browser-request": "~0.3.0",
- "debug": "^2.1.0",
+ "debug": "^2.6.9",
 "request": "^2.83.0"
 },
 "devDependencies": {