Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade Version of debug package #6204

Open
rodrigoramos opened this issue Dec 3, 2024 · 2 comments
Open

Upgrade Version of debug package #6204

rodrigoramos opened this issue Dec 3, 2024 · 2 comments
Labels
backport

Comments

@rodrigoramos
Copy link

Hi, there!

IDK if it's the appropriate channel to discuss about that but the package debug in use of this app is on 2.6.9 version. And it has a problem of memory leak as discussed here.

This issue suggests upgrade this package to version 3.7.0 which this problem was already solved.

I can also submit a Pull Request if it would help.
@dpopp07
Copy link

dpopp07 commented Dec 20, 2024
edited
Loading

This has already been updated in the main branch and released with v5:

express/package.json

Line 41 in e4a61bd

"debug": "4.3.6",

However, v4 is still pulling in the older version:

express/package.json

Line 42 in 2041584

"debug": "2.6.9",

It seems that v4 just needs a backport with this change to address the security concern. Here are the release notes from when that change was made before. I am sure a PR would be welcome - do you want to open one @rodrigoramos ? If not, I'm happy to.

@slagiewka
Copy link

It's worth noting that [email protected]+ requires node >= 6. Express v4 set the bar really low on >= 0.10.0. Unfortunately it's not mentioned exactly what was incompatible.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backport
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rodrigoramos @dpopp07 @slagiewka @IamLizu