Upgrade debug to v2.6.9

[joseluisq]

Actually pino-debug@1.0.5 uses debug@2.6.0, because of this security vulnerability an upgrade of debug to v2.6.9 should fix it.

Update: it's already done at b892b08

[joseluisq]

Note: That issue is already fixed in v2.6.9

Refs: debug-js/debug#504

[mcollina]

I am a bit lost. What are you proposing apart from #11?

[joseluisq]

I am a bit lost. What are you proposing apart from #11?

#11 is not my PR. I purpose only the upgrading of that dependency, because I'm using pino-debug@1.0.5. But I saw the pino-debug is not compatible with debug v3

[joseluisq]

Anyway, an anticipated upgrade of debug to v2.6.9 it would be more logic. correct me if wrong.

[joseluisq]

v1.0.5: https://unpkg.com/pino-debug@1.0.5/package.json (debug v2.6.0)
Master: debug v2.6.9 (b892b08)

package.json on master branch contains debug v2.6.9

[mcollina]

I’m still lost. What do you want us to do? Is the release on npm not in sync to what is on master?

[joseluisq]

yep, basically bump up a new pino-debug release with debug v2.6.9

[mcollina]

Released v1.0.6.

[joseluisq]

👍