This repository has been archived by the owner on May 22, 2024. It is now read-only.
[Snyk: High]: ansi-regex Regular Expression Denial of Service (ReDoS) (due 02/03/2022) #646
Labels
Milestone
Overview
Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the sub-patterns [\#;?]* and (?:;[-a-zA-Z\d\/#&.:=?%@~_]).
https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
Detailed path:
Introduced through: node-sass@7.0.0
Fixed in: ansi-regex@6.0.1, @5.0.1
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › string-width@3.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › npmlog@5.0.1 › gauge@3.0.1 › string-width@2.1.1 › strip-ansi@4.0.0 › ansi-regex@3.0.0
Fix: Your dependencies are out of date, otherwise you would be using a newer ansi-regex than ansi-regex@3.0.0. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › string-width@3.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › wrap-ansi@5.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › npmlog@5.0.1 › gauge@3.0.1 › wide-align@1.1.5 › string-width@2.1.1 › strip-ansi@4.0.0 › ansi-regex@3.0.0
Fix: Your dependencies are out of date, otherwise you would be using a newer ansi-regex than ansi-regex@3.0.0. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › sass-graph@2.2.5 › yargs@13.3.2 › cliui@5.0.0 › wrap-ansi@5.1.0 › string-width@3.1.0 › strip-ansi@5.2.0 › ansi-regex@4.1.0
Fix: No remediation path available.
Introduced through: fec-eregs@1.0.0 › node-sass@7.0.0 › node-gyp@7.1.2 › npmlog@4.1.2 › gauge@2.7.4 › wide-align@1.1.5 › string-width@2.1.1 › strip-ansi@4.0.0 › ansi-regex@3.0.0
Fix: Your dependencies are out of date, otherwise you would be using a newer ansi-regex than ansi-regex@3.0.0. Try relocking your lockfile or deleting node_modules, reinstalling and running snyk wizard. If the problem persists, one of your dependencies may be bundling outdated modules.
Completion criteria:
The text was updated successfully, but these errors were encountered: