Security vulnerability in outdated 'follow' version

[b3nsn0w]

Link to vulnerability: https://nodesecurity.io/advisories/534

This is an exploit in debug, which is a dependency of Follow, which is a dependency of this project. The issue has been fixed down the line, Follow's latest version is compatible with the updated 'debug' library.

The suggested remediation would be upgrading to Follow ^1.1.0. Is there anything blocking this?

[renanyoy]

┌──────────────────────────────────────────────────────────────────────────────┐
│ Manual Review │
│ Some vulnerabilities require your attention to resolve │
│ │
│ Visit https://go.npm.me/audit-guide for additional guidance │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low │ Regular Expression Denial of Service │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in │ >= 2.6.9 < 3.0.0 || >= 3.1.0 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ cradle │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ cradle > follow > debug │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://nodesecurity.io/advisories/534 │
└───────────────┴──────────────────────────────────────────────────────────────┘

[hikino]

I have the same issue when I run "npm install" and "npm audit" although using the latest version "0.7.1".