Skip to content

fix(deps): update debug to 4.4.1 #171

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 8, 2025
Merged

fix(deps): update debug to 4.4.1 #171

merged 1 commit into from
Sep 8, 2025

Conversation

MikeMcC399
Copy link
Contributor

Situation

[email protected] is pinned to this fixed version in dependencies. Compare this to [email protected] which is configured to use the semver range "debug": "^4.3.4" and thus ships with [email protected]

Change

Update

From To (latest)
[email protected] [email protected]

Verification

Ubuntu 24.04.3 LTS, Noded.js 22.19.0 LTS

git clean -xfd
npm ci
npm test

Confirm that tests are successful.

DEBUG=commit-info npm test

Confirm that debug logs are output.

@MikeMcC399 MikeMcC399 marked this pull request as ready for review September 5, 2025 05:58
@MikeMcC399 MikeMcC399 mentioned this pull request Sep 5, 2025
Merged
@MikeMcC399
Copy link
Contributor Author

MikeMcC399 commented Sep 5, 2025
edited
Loading

@AtofStryker

  • This is the only version update I propose to make to production dependencies. After this PR is merged, then PR ci: enable semantic-release #172 can be made available for review, followed by a release.
  • Please review and merge, like for the previous PRs you've processed.

@MikeMcC399 MikeMcC399 marked this pull request as draft September 8, 2025 15:28
@MikeMcC399

This comment was marked as outdated.

Sign in to view
@MikeMcC399
Copy link
Contributor Author

@AtofStryker

The security advisory GHSA-8mgj-vmr8-frr6 for debug, which originally targeted all versions, is now limited to the compromised and yanked [email protected] version.

Since this PR never used the compromised version, I'm comfortable with releasing it again for review, so if you would be so kind to review and merge, that would be awesome!

@MikeMcC399 MikeMcC399 marked this pull request as ready for review September 8, 2025 18:39
@AtofStryker AtofStryker merged commit c3af028 into cypress-io:master Sep 8, 2025
1 check passed
@MikeMcC399 MikeMcC399 deleted the update/debug branch September 9, 2025 04:16
@github-actions GitHub Actions
Copy link

🎉 This PR is included in version 2.2.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AtofStryker AtofStryker AtofStryker approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MikeMcC399 @AtofStryker