
Upgrade dateformat to address vulnerability in transitive dependency trim-newlines #271

Closed
karlhorky opened this issue Jun 8, 2021 · 5 comments

Comments

@karlhorky

karlhorky commented Jun 8, 2021

Issue description

Transitive dependency chain: [email protected] -> dateformat@~1.0.4-1.2.3 -> meow@^3.3.0 -> trim-newlines@^1.0.0

Vulnerability: GHSA-7p7h-4mm5-852v

Context

OS version (is it docker or host?), ts-node-dev version

macOS Big Sur 11.4, 1.1.6

Did you try to run with ts-node?

Not applicable

Did you try to run with --files option enabled?

Not applicable

Did you try to run with --debug option enabled?

Not applicable

Do you have a repro example (git repo) with simple steps to reproduce your problem?

Repro:

$ npm install ts-node-dev
...
$ npm audit
# npm audit report

trim-newlines  <3.0.1 || =4.0.0
Severity: high
Regular Expression Denial of Service - https://npmjs.com/advisories/1753
fix available via `npm audit fix`
node_modules/trim-newlines
  meow  3.4.0 - 5.0.0
  Depends on vulnerable versions of trim-newlines
  node_modules/meow

2 high severity vulnerabilities

To address all issues, run:
  npm audit fix
@Gabb-c

Gabb-c commented Jun 10, 2021

Also, Dependabot is pointing out this vulnerability too.


@kamikazebr

kamikazebr commented Jun 12, 2021

Yes, I see that CVE here too. I tried updating the lock JSON manually and adding the new version in package.json, but nothing. It gets replaced, so I think we need @wclr to make that update, or better, make the change suggested here: #273 (comment)

@jimmywarting

  • Fixed (removed dateformat)
  • Made a release
  • Can now close this issue

@kamikazebr

It works! Tyvm!

@karlhorky

karlhorky commented Jun 30, 2021

Version [email protected] looks good! Closing.

$ npm install ts-node-dev
$ ...
$ npm audit
found 0 vulnerabilities
