yeoman / environment

Yeoman runtime environment
BSD 2-Clause "Simplified" License

Vulnerability around ansi-regex #372

Closed gee4vee closed 2 years ago

gee4vee commented 2 years ago

https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

Similar issue happening in other components. It appears npm-log is one source of vulnerability. https://github.com/mapbox/node-pre-gyp/issues/620

Dep tree for 3.8.0:

└─┬ yeoman-environment@3.8.0
  └─┬ @npmcli/arborist@4.0.4
    └─┬ @npmcli/run-script@2.0.0
      └─┬ node-gyp@8.4.0
        └─┬ npmlog@4.1.2
          └─┬ gauge@2.7.4
            └─┬ strip-ansi@3.0.1
              └── ansi-regex@2.1.1

github-actions[bot] commented 2 years ago

This issue is stale because it has been open with no activity. Remove stale label or comment or this will be closed

symphony-youness commented 2 years ago

This issue is fixed in npmlog@6.0.0. Bumping the version should remove the CVE.

github-actions[bot] commented 2 years ago

This issue is stale because it has been open with no activity. Remove stale label or comment or this will be closed
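
An added example, not part of the thread or of the yeoman-environment project: it walks an `npm ls --json`-style tree to find every chain leading to `ansi-regex` and names the first ancestor older than a reported fix version. The root project name `example-app` is hypothetical, the tree is constructed from the dep tree in the issue, and the `npmlog` 6.0.0 figure is the one given in the comment above.

```javascript
// Added example. Chain copied from the issue's dep tree; root project is hypothetical.
const chain = [
  ["yeoman-environment", "3.8.0"], ["@npmcli/arborist", "4.0.4"],
  ["@npmcli/run-script", "2.0.0"], ["node-gyp", "8.4.0"],
  ["npmlog", "4.1.2"], ["gauge", "2.7.4"],
  ["strip-ansi", "3.0.1"], ["ansi-regex", "2.1.1"],
];
// Nest the chain into the shape `npm ls --json` prints (constructed sample input).
const sampleTree = {
  name: "example-app", version: "1.0.0",
  dependencies: chain.reduceRight(
    (child, [name, version]) => ({ [name]: { version, ...(child && { dependencies: child }) } }),
    null
  ),
};

// Every root-to-target chain of {name, version} for installed copies of `target`.
function findPaths(node, target, trail = []) {
  const paths = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...trail, { name, version: dep.version }];
    if (name === target) paths.push(here);
    paths.push(...findPaths(dep, target, here));
  }
  return paths;
}

// Numeric compare of plain x.y.z versions (pre-release tags are not handled).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) !== (pb[i] || 0)) return (pa[i] || 0) - (pb[i] || 0);
  }
  return 0;
}

// For each path, report the first ancestor older than a caller-supplied fix version.
function bumpCandidates(paths, fixedIn) {
  return paths.map((p) => {
    const hit = p.find((d) => fixedIn.has(d.name) && compareVersions(d.version, fixedIn.get(d.name)) < 0);
    const bump = hit ? `${hit.name}@${hit.version} -> >=${fixedIn.get(hit.name)}` : null;
    return { chain: p.map((d) => `${d.name}@${d.version}`).join(" > "), bump };
  });
}

// The 6.0.0 figure is the one reported in the thread, not independently verified here.
const report = bumpCandidates(findPaths(sampleTree, "ansi-regex"), new Map([["npmlog", "6.0.0"]]));
console.log(report);
```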