search

antongolub / yarn-audit-fix

The missing `yarn audit fix`
MIT License
179 stars 8 forks source link

Update dependency ansi-regex to v6 #277

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
ansi-regex ^5.0.1 -> ^6.0.0 age adoption passing confidence

Release Notes

chalk/ansi-regex ### [`v6.0.1`](https://togithub.com/chalk/ansi-regex/releases/tag/v6.0.1) [Compare Source](https://togithub.com/chalk/ansi-regex/compare/v6.0.0...v6.0.1) ##### Fixes - Fix [ReDoS](https://en.wikipedia.org/wiki/ReDoS) in certain cases ([#​37](https://togithub.com/chalk/ansi-regex/issues/37)) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools. [CVE-2021-3807](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807) Thank you [@​yetingli](https://togithub.com/yetingli) for the patch and reproduction case! ### [`v6.0.0`](https://togithub.com/chalk/ansi-regex/releases/tag/v6.0.0) [Compare Source](https://togithub.com/chalk/ansi-regex/compare/v5.0.1...v6.0.0) ##### Breaking - Require Node.js 12 [`1b337ad`](https://togithub.com/chalk/ansi-regex/commit/1b337ad) - This package is now pure ESM. Please [read this](https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c).

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

renovate[bot] commented 1 year ago

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will ignore this upgrade and you will not receive PRs for any future 6.x releases. However, if you upgrade to 6.x manually then Renovate will reenable minor and patch updates automatically.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.