npm audit security report warnings #89

Open
jarrodek opened this issue Mar 1, 2019 · 1 comment

jarrodek commented Mar 1, 2019

Audit result:

                       === npm audit security report ===                        
                                                                                
┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ pouchdb-quick-search                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ pouchdb-quick-search > pouchdb-mapreduce-no-ddocs >          │
│               │ pouchdb-md5 > pouchdb-utils > debug                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/534                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Regular Expression Denial of Service                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ debug                                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >= 2.6.9 < 3.0.0 || >= 3.1.0                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ pouchdb-quick-search                                         │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ pouchdb-quick-search > pouchdb-mapreduce-no-ddocs >          │
│               │ pouchdb-utils > debug                                        │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/534                             │
└───────────────┴──────────────────────────────────────────────────────────────┘
@jarrodek

Is there a way to help you with fixing this issue? The problem is with the pouchdb-utils library. I tried to look around in the project, fix the problem and send a PR, but I can't make head or tail of it. Changing the library would be very painful for me right now, but on the other hand my security team won't allow me to put anything into production with a security vulnerability.

jarrodek added a commit to arc-archive/pouchdb-quick-search that referenced this issue May 17, 2019