Exceptions are advisories your project will ignore

Untrusted content not exposed to UglifyJS

Untrusted content not exposed to UglifyJS

AFAICT the dep in question (connect-auth-pumpio) doesn't actually invoke this function. Normally I wouldn't care and say patch it anyway, but this is legacy code that we really should just rip out instead. If this were information disclosure it'd be a different story, but I think fixing this in the short term just isn't justified.

`gm` does not use the %o formatter, which is the vulnerable function.