We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Inefficient Regular Expression Complexity in chalk/ansi-regex ansi-regex is vulnerable to Inefficient Regular Expression Complexity
GHSA-93q8-gq69-wqmw
This is coming from upstream but the fixes are just now reaching this level:
├ @discordjs/node-pre-gyp@0.4.2 └─┬ npmlog@5.0.1 └─┬ gauge@3.0.1 ├─┬ string-width@2.1.1 │ └── strip-ansi@4.0.0 deduped ├─┬ strip-ansi@4.0.0 │ └── ansi-regex@3.0.0 └─┬ wide-align@1.1.5 └── string-width@2.1.1 deduped
npmlog v5 is vulnerable, but npmlog v6 is now using the fixed upstream packages and is no longer vulnerable.
This commit in https://github.com/mapbox/node-pre-gyp now starts using npmlog v6: mapbox@ef8f171
I don't know if you guys are forking from main or waiting for release tags, but you should be able to integrate this fix now/soon.
The text was updated successfully, but these errors were encountered:
Related upstream issue: mapbox#620
Sorry, something went wrong.
@mapbox/node-pre-gyp@1.0.7 is now published which includes npmlog@6
mapbox#620 (comment)
2 week bump
No branches or pull requests
Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
GHSA-93q8-gq69-wqmw
This is coming from upstream but the fixes are just now reaching this level:
npmlog v5 is vulnerable, but npmlog v6 is now using the fixed upstream packages and is no longer vulnerable.
This commit in https://github.com/mapbox/node-pre-gyp now starts using npmlog v6: mapbox@ef8f171
I don't know if you guys are forking from main or waiting for release tags, but you should be able to integrate this fix now/soon.
The text was updated successfully, but these errors were encountered: