Cordobo / angularx-qrcode

A fast and easy-to-use Angular QR Code Generator library with Ivy support
https://cordobo.github.io/angularx-qrcode/
MIT License
469 stars 125 forks

ansi-regex needs to be updated #140

Closed TatianaIvanovaW closed 2 years ago

TatianaIvanovaW commented 3 years ago

Hello, ansi-regex causes a Moderate vulnerability with the following error: Inefficient Regular Expression Complexity in chalk/ansi-regex. ansi-regex needs to be updated to version 5.0.1 or higher. Check here for more details: https://github.com/advisories/GHSA-93q8-gq69-wqmw

petercmuc commented 2 years ago

This is not directly a problem of this package, but of its dependency "qrcode" and needs to be fixed there (see https://github.com/soldair/node-qrcode/issues/278). When it is fixed there, the dependencies of this package should be updated and a new release be built.

michaelbalber commented 2 years ago

A fixed version of qrcode has been released. https://github.com/soldair/node-qrcode/issues/278 Will it now be possible to use the new version?

Cordobo commented 2 years ago

I updated qrcode to the latest version 1.5.0 with the ansi-regex fix included.

There are still vulnerable ansi-regex dependencies in the npm chain, but only in the build and test chain of Angular 12.
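
Added example, not part of the thread and not code from angularx-qrcode: one way to check the distinction drawn in the last comment, by walking the `packages` map of a lockfileVersion 2/3 `package-lock.json` and reporting each vulnerable `ansi-regex` copy together with whether it is dev-only. The per-major patched versions are an assumption taken from the linked advisory (the thread itself only names 5.0.1), and the sample lockfile with its `example-*` package names is constructed.

```javascript
// Patched release per major line. ASSUMPTION: taken from the linked advisory
// (GHSA-93q8-gq69-wqmw); the thread itself only names 5.0.1.
const PATCHED = { 3: [3, 0, 1], 4: [4, 1, 1], 5: [5, 0, 1], 6: [6, 0, 1] };

function parseVersion(v) {
  // Keep only the numeric core "x.y.z"; pre-release/build suffixes are ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function isVulnerable(version) {
  const v = parseVersion(version);
  if (!v) return false;              // unparseable version: not classified here
  const fixed = PATCHED[v[0]];
  if (!fixed) return false;          // major line not listed in PATCHED
  for (let i = 0; i < 3; i++) {
    if (v[i] !== fixed[i]) return v[i] < fixed[i];
  }
  return false;                      // exactly the patched release
}

// Every nested copy of ansi-regex has its own key ending in
// "node_modules/ansi-regex"; npm sets dev: true on dev-only entries.
function findVulnerableAnsiRegex(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/ansi-regex")) continue;
    if (isVulnerable(meta.version)) {
      hits.push({ path, version: meta.version, devOnly: meta.dev === true });
    }
  }
  return hits;
}

// Constructed sample lockfile; the example-* packages are hypothetical.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "0.0.0" },
    "node_modules/ansi-regex": { version: "5.0.1" },
    "node_modules/qrcode": { version: "1.5.0" },
    "node_modules/example-test-runner/node_modules/ansi-regex": { version: "4.1.0", dev: true },
    "node_modules/example-cli/node_modules/ansi-regex": { version: "5.0.0" },
    "node_modules/example-legacy/node_modules/ansi-regex": { version: "2.1.1", dev: true },
  },
};

const runtimeHits = findVulnerableAnsiRegex(SAMPLE_LOCK).filter((h) => !h.devOnly);
console.log(findVulnerableAnsiRegex(SAMPLE_LOCK), "runtime-exposed:", runtimeHits.length);
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `findVulnerableAnsiRegex` in place of `SAMPLE_LOCK`.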