faressoft / inquirer-checkbox-plus-prompt

Checkbox with autocomplete and other additions for Inquirer
MIT License

Upgrade dependency to fix Vulnerability CVE-2021-3807 #7

Open deepakvk opened 3 years ago

deepakvk commented 3 years ago

There's a Regular Expression Denial of Service vulnerability in the ansi-regex package in versions < 6.0.1: https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 https://nvd.nist.gov/vuln/detail/CVE-2021-3807

Would it be possible to update inquirer deps to use a major version like inquirer@7.3.3?

The dependencies from this package that use out-of-date versions that I see are: strip-ansi@4.0.0 > ansi-regex@3.0.0

Fix versions are https://github.com/chalk/ansi-regex/releases/tag/v6.0.1, https://github.com/chalk/ansi-regex/releases/tag/v5.0.1

deepakvk commented 3 years ago

Is there any update on this issue?
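To check a project for the dependency chain reported in this issue, the following added example (not code from this repository or from the commenter) walks the nested `dependencies` tree of a package-lock.json and lists every installed `ansi-regex` below the fix releases. It assumes the lockfileVersion 1 layout and treats only the two fix releases named in the issue (5.0.1 and 6.0.1) as patched; the sample lockfile is constructed, and `FIXED` should be extended if your advisory source lists other patched release lines.

```javascript
// Fix releases named in the issue: 5.0.1 on the 5.x line, 6.0.1 on the 6.x line.
// Assumption: every other ansi-regex version below 6.0.1 is reported as affected.
const FIXED = [[5, 0, 1], [6, 0, 1]];

function parse(version) {
  // Drop pre-release/build suffixes; compare numeric major.minor.patch only.
  return version.split(/[-+]/)[0].split('.').map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) - (b[i] || 0);
  }
  return 0;
}

function isAffected(version) {
  const v = parse(version);
  if (compare(v, FIXED[FIXED.length - 1]) >= 0) return false;
  // Same major as a fix release and at or above it means patched.
  return !FIXED.some(f => f[0] === v[0] && compare(v, f) >= 0);
}

// Nested "dependencies" entries are copies installed under the parent package,
// so the trail shows which package pulled in the old version.
function findAffected(lock, name = 'ansi-regex', trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(lock.dependencies || {})) {
    const here = trail.concat(`${dep}@${info.version}`);
    if (dep === name && isAffected(info.version)) hits.push(here.join(' > '));
    hits.push(...findAffected(info, name, here));
  }
  return hits;
}

// Constructed sample lockfile (not taken from this repository).
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    'strip-ansi': {
      version: '4.0.0',
      dependencies: { 'ansi-regex': { version: '3.0.0' } }
    },
    'ansi-regex': { version: '5.0.1' }
  }
};

console.log(findAffected(sampleLock));
```

For a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of `sampleLock`.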