regex vuln in debug, resolved in latest version of tabtab

[YOU54F]

Hi,

You may wish to upgrade tabtab as the version 2.2.2 suffers from a regex vuln . - see here

It is resolved in tabtab v3+ by pulling in the latest debug version 4.1.0

              └─ caporal:1.2.0
                    └─ tabtab:2.2.2
                          └─ debug:2.6.9

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

(CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• @pact-foundation/pact:8.2.4
        └─ @pact-foundation/pact-node:8.3.3
              └─ caporal:1.2.0
                    └─ tabtab:2.2.2
                          └─ debug:2.6.9
              └─ sumchecker:2.0.2
                    └─ debug:2.6.9
        └─ body-parser:1.19.0
              └─ debug:2.6.9
        └─ express:4.17.1
              └─ debug:2.6.9
              └─ finalhandler:1.1.2
                    └─ debug:2.6.9
              └─ send:0.17.1
                    └─ debug:2.6.9

• lint-staged:8.1.6
        └─ micromatch:3.1.10
              └─ extglob:2.0.4
                    └─ expand-brackets:2.1.4
                          └─ debug:2.6.9
              └─ snapdragon:0.8.2
                    └─ debug:2.6.9

[YOU54F]

On further investigation this is a non-issue as the maintainer of express app got the guys to backport the fix into 2.6.9 🥇