soldair / node-qrcode

qr code generator
MIT License
7.46k stars 621 forks

Snyk check failing for yargs v15.4.1 #334

Open tane123 opened 1 year ago

tane123 commented 1 year ago

Hey there, Snyk is reporting a vulnerability in yargs v15.4.1. It seems to be stemming from ansi-regex v2.1.1. Overriding ansi-regex to 4.1.1 has fixed the issue and it is still functional, but I thought I would bring it up.

✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
    introduced by qrcode@1.5.3 > yargs@15.4.1 > string-width@4.2.3 > strip-ansi@6.0.1 > ansi-regex@2.1.1 and 4 other path(s)
  This issue was fixed in versions: 3.0.1, 4.1.1, 5.0.1, 6.0.1
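Added example, not part of the original issue or of node-qrcode's code: a Node.js check that walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and lists every installed `ansi-regex` copy older than the fixed releases named in the Snyk output above. The sample lockfile is constructed, the function names are hypothetical, and treating every release below 3.0.1 as affected is an assumption based on the report flagging 2.1.1.

```javascript
// Fixed release per major line, taken from the Snyk output quoted in this issue.
const FIXED = { 3: [3, 0, 1], 4: [4, 1, 1], 5: [5, 0, 1], 6: [6, 0, 1] };

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function isAffected(version) {
  const [major, minor, patch] = parseVersion(version);
  // Assumption: no fixed 0.x-2.x release is listed, and the report flags 2.1.1.
  if (major < 3) return true;
  const fix = FIXED[major];
  if (!fix) return false; // majors after 6 postdate the fix
  return minor < fix[1] || (minor === fix[1] && patch < fix[2]);
}

// Keys in lock.packages look like "node_modules/a/node_modules/ansi-regex".
function findAffectedAnsiRegex(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/ansi-regex")) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample lockfile (not taken from the qrcode repository).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/ansi-regex": { version: "2.1.1" },
    "node_modules/strip-ansi/node_modules/ansi-regex": { version: "5.0.1" },
    "node_modules/wrap-ansi/node_modules/ansi-regex": { version: "4.1.0" },
    "node_modules/cliui/node_modules/ansi-regex": { version: "6.0.1" },
  },
};

for (const hit of findAffectedAnsiRegex(sampleLock)) {
  console.log(`${hit.path}: ansi-regex@${hit.version} predates the fixed releases`);
}
```

Running it again after applying an override shows whether every nested copy was actually replaced, not just the top-level one.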

zac1st1k commented 4 months ago

Same