yargs / cliui

easily create complex multi-column command-line-interfaces.
ISC License

Upgrade strip-ansi to 7.x #128

Closed apupier closed 2 years ago

apupier commented 2 years ago
```
ansi-regex  5.0.0
Severity: high
Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix`
node_modules/mocha/node_modules/ansi-regex
└─┬ cliui@7.0.4
  └─┬ strip-ansi@6.0.0
    └── ansi-regex@5.0.0
```

Latest cliui is still on strip-ansi 6.0.1 https://github.com/yargs/cliui/blob/af3145da0ea31738c4715865a6da0ee388a94c74/package.json#L53 and 7.x is required https://github.com/chalk/strip-ansi/blob/dd40fa7ced678f14dfb43eb9b62b8e7313fb7011/package.json#L50

apupier commented 2 years ago

Seems I initially misread it; 6.0.1 should be enough to avoid the CVE alert through transitive dependencies. Sorry for the inconvenience.
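
The audit finding in this thread names a package the project does not depend on directly, so triage starts with finding which chain installs it. The following is an added example, not code from the thread or from cliui: it walks a constructed tree shaped like `npm ls --all --json` output and reports every chain ending at the flagged version. The root package name and the mocha version are placeholders, and `findPaths` and `directParents` are hypothetical helper names.

```javascript
// Constructed sample shaped like `npm ls --all --json` output, mirroring the
// tree in the report above. Root name and mocha version are placeholders.
const sampleTree = {
  name: "example-app",
  version: "0.0.0",
  dependencies: {
    mocha: {
      version: "0.0.0-placeholder",
      dependencies: {
        cliui: {
          version: "7.0.4",
          dependencies: {
            "strip-ansi": {
              version: "6.0.0",
              dependencies: { "ansi-regex": { version: "5.0.0" } },
            },
          },
        },
      },
    },
  },
};

// Return every dependency chain that ends at `name@version`.
function findPaths(node, name, version, trail = []) {
  const hits = [];
  for (const [depName, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${depName}@${dep.version}`];
    if (depName === name && dep.version === version) hits.push(here);
    hits.push(...findPaths(dep, name, version, here));
  }
  return hits;
}

// The direct parent of each hit is the package whose declared range (and the
// lockfile entry resolved from it) decides which version gets installed.
function directParents(paths) {
  return [...new Set(paths.map((p) => p[p.length - 2] || "(root)"))];
}

const paths = findPaths(sampleTree, "ansi-regex", "5.0.0");
for (const p of paths) console.log(p.join(" > "));
console.log("pulled in by:", directParents(paths).join(", "));
```

Running the same functions on the real `npm ls --all --json` output after an upgrade and getting no paths confirms the flagged version is gone from the install.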