From a7c9f9b55c8c8a4babd3c8e7b751e6d733ef9559 Mon Sep 17 00:00:00 2001
From: Nathan Friedly
Date: Mon, 29 Oct 2018 10:09:38 -0400
Subject: [PATCH 1/2] Require debug ^3.2.4
There is a minor security vulnerability in the module `debug`: https://nodesecurity.io/advisories/534 This was resolved in 2.6.9 and 3.1.0. Debug introduced let/const in v3.2.0, breaking compatibility with node.js v4 and older browsers. This was reverted in 3.2.4, then re-released it in 4.0.0 - see https://github.com/visionmedia/debug/issues/603 for context around that. In order avoid the vulnerability without loosing any compatibility, this change locks component-cookie to >= 3.2.4 < 4.0.0. Version `^2.6.9` could alternatively be used if desired. This Fixes #16, Fixes #15, and is is part of the fix for https://github.com/matthewmueller/next-cookies/issues/7
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 2127995..5f91bd0 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
 "version": "1.1.4",
 "license": "MIT",
 "dependencies": {
- "debug": "2.2.0"
+ "debug": "^3.2.4"
 },
 "devDependencies": {
 "mocha": "*"
From 70b1863f04eb116d49b9a3aa21bb46fe1e0a5e70 Mon Sep 17 00:00:00 2001
From: Nathan Friedly
Date: Mon, 29 Oct 2018 15:01:56 -0400
Subject: [PATCH 2/2] switch to ^2.6.9 based on feedback from @f2prateek
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 5f91bd0..0230bf1 100644
--- a/package.json
+++ b/package.json
@@ -4,7 +4,7 @@
 "version": "1.1.4",
 "license": "MIT",
 "dependencies": {
- "debug": "^3.2.4"
+ "debug": "^2.6.9"
 },
 "devDependencies": {
 "mocha": "*"
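Review bot: The `"version": "1.1.4"` context line is unchanged in both hunks, so the new `"debug": "^2.6.9"` range only reaches consumers once a new release of this package is published. If releases are not cut in a separate step, this series should also carry a patch-level bump of `version`. Anyone still resolving the already-published 1.1.4 keeps the exact `2.2.0` pin, which is below the 2.6.9 fix the description cites. After release, downstream projects can confirm the resolved copy with `npm ls debug` or `npm audit`, because a lockfile written earlier may still hold the old version.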