cli-table / cli-table3

Pretty unicode tables for the command line
MIT License
527 stars 44 forks

Update dependencies to address Security Vulnerabilities #261

Closed jhawkins1 closed 2 years ago

jhawkins1 commented 2 years ago

The version of the string-width dependency, which has a dependency on strip-ansi, is using a vulnerable version of ansi-regex. Need to upgrade the dependency version in the package.json to 4.2.3 or to the 5.x.x family of string-width (latest is 5.1.0). https://github.com/sindresorhus/string-width/releases

Turbo87 commented 2 years ago

The dependency requirement already allows 4.2.3 to be installed, so there is no need to change it. Feel free to open a PR though.

jhawkins1 commented 2 years ago

@Turbo87 Looks like Dependabot already updated the dependencies on https://github.com/cli-table/cli-table3/pull/254. When will a new Release be made to include this and other dependency updates to address security vulns?

AlexandreGuinaudeau commented 11 months ago

@Turbo87 there already is an automatic PR open to bump the dependency: https://github.com/cli-table/cli-table3/pull/267 - would you be able to merge it?