Security vulnerability - ansi-regex@5.0.0

testing-library / jest-dom

:owl: Custom jest matchers to test the state of the DOM

https://testing-library.com/docs/ecosystem-jest-dom

MIT License

4.41k stars 393 forks source link

Security vulnerability - ansi-regex@5.0.0 #403

Open graniczny opened 3 years ago

graniczny commented 3 years ago

@testing-library/jest-dom version: 5.14.1
node version: any
npm (or yarn) version: any

Problem description:

Used dependency ansi-regex@5.0.0 has a security vulnerability. https://snyk.io/vuln/npm:ansi-regex

Suggested solution:

Update ansi-regex to 5.0.1

gnapse commented 3 years ago

Thanks for the report @graniczny.

It seems this is not a direct dependency, but a dependency of a dependency. We'd need to figure out which one is it first, and see the implications of updating whichever direct dependency is causing this.

Also, I'd encourage you to take a shot at it with a PR, if you feel like it. If not, that's ok too. Thanks again.