Depends on vulnerable versions of strip-ansi #5

waddles · 2021-10-18T04:57:51Z

Getting this from npm audit fix:

# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install @soda/[email protected], which is a breaking change
node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/strip-ansi
    @soda/friendly-errors-webpack-plugin  >=1.8.0
    Depends on vulnerable versions of strip-ansi
    node_modules/@soda/friendly-errors-webpack-plugin

I think it just needs strip-ansi dependency updated to ^6 but haven't tested.

The text was updated successfully, but these errors were encountered:

mriedem · 2021-10-21T19:38:49Z

I think string-width needs updating to >= 4.2.3 also:

https://github.com/sodatea/friendly-errors-webpack-plugin/blob/master/package.json#L71

sindresorhus/string-width@e7a2755

This updates string-width and strip-ansi to versions that require ansi-regex 5.0.1 for CVE-2021-3807 [1][2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2021-3807 [2] GHSA-93q8-gq69-wqmw Closes haoqunjiang#5

mriedem mentioned this issue Oct 21, 2021

Update dependencies for ansi-regex CVE-2021-3807 #6

Closed

haoqunjiang closed this as completed in f06ae10 Nov 15, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Depends on vulnerable versions of strip-ansi #5

Depends on vulnerable versions of strip-ansi #5

waddles commented Oct 18, 2021

mriedem commented Oct 21, 2021 •

edited

Loading

Depends on vulnerable versions of strip-ansi #5

Depends on vulnerable versions of strip-ansi #5

Comments

waddles commented Oct 18, 2021

mriedem commented Oct 21, 2021 • edited Loading

mriedem commented Oct 21, 2021 •

edited

Loading