-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update to strip-ansi@6.0.1 for ansi-regex CVE-2021-3807 #111
Comments
|
mriedem
added a commit
to mriedem/cliui
that referenced
this issue
Oct 21, 2021
This updates strip-ansi and mocha to pick up ansi-regex 5.0.1 for CVE-2021-3807 [1][2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2021-3807 [2] GHSA-93q8-gq69-wqmw Closes yargs#111
Hi, any progress in updating dependencies please? Thanks |
There are at least two open PRs but need a maintainer to run checks on them. |
Hi |
bcoe
pushed a commit
that referenced
this issue
Feb 5, 2022
This updates strip-ansi and mocha to pick up ansi-regex 5.0.1 for CVE-2021-3807 [1][2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2021-3807 [2] GHSA-93q8-gq69-wqmw Closes #111
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The latest version of cliui requires strip-ansi 6.0.0 which requires ansi-regex 5.0.0 which has a CVE against it:
https://nvd.nist.gov/vuln/detail/CVE-2021-3807
Update the cliui dependency on strip-ansi to 6.0.1 which requires ansi-regex 5.0.1 to resolve the vulnerability in this dependency chain:
https://github.com/chalk/strip-ansi/blob/v6.0.1/package.json#L47
I'm here because of this dependency chain:
Updating to the latest @carbon/charts-vue@0.41.95 does not resolve that issue.
This may be related to issues #106 and #110.
The text was updated successfully, but these errors were encountered: