The currently used version of the debug package (2.2.0) uses the ms 0.7.1 package, which has a "high risk" vulnerability (ReDos attack).
Would it be possible for you to upgrade to at least debug 2.2.7 so that it pulls in ms 2.0.0 which fixes the vulnerability?
The currently used version of the
debugpackage (2.2.0) uses thems 0.7.1package, which has a "high risk" vulnerability (ReDos attack).Would it be possible for you to upgrade to at least
debug 2.2.7so that it pulls inms 2.0.0which fixes the vulnerability?