Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Versions of ansi-regex >2.1.1 <5.0.1 are vernerable to Inefficient Regular Expression Complexity #31

Open
blue-int opened this issue Dec 2, 2021 · 0 comments

Comments

@blue-int
Copy link

blue-int commented Dec 2, 2021

# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/eslint-config-naver/node_modules/ansi-regex
node_modules/eslint-config-naver/node_modules/string-width/node_modules/ansi-regex
node_modules/inquirer/node_modules/ansi-regex
node_modules/inquirer/node_modules/strip-ansi/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/eslint-config-naver/node_modules/string-width/node_modules/strip-ansi
  node_modules/eslint-config-naver/node_modules/strip-ansi
  node_modules/inquirer/node_modules/string-width/node_modules/strip-ansi
  node_modules/inquirer/node_modules/strip-ansi
    eslint  4.5.0 - 7.15.0
    Depends on vulnerable versions of inquirer
    Depends on vulnerable versions of strip-ansi
    Depends on vulnerable versions of table
    node_modules/eslint-config-naver/node_modules/eslint
      eslint-config-naver  1.0.1 || >=2.0.0
      Depends on vulnerable versions of eslint
      node_modules/eslint-config-naver
    inquirer  3.2.0 - 7.0.4
    Depends on vulnerable versions of string-width
    Depends on vulnerable versions of strip-ansi
    node_modules/inquirer
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/eslint-config-naver/node_modules/string-width
    node_modules/inquirer/node_modules/string-width
      table  4.0.2 - 5.4.6
      Depends on vulnerable versions of string-width
      node_modules/eslint-config-naver/node_modules/table

7 moderate severity vulnerabilities
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant