You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The package currently depends on v2 of string-width, which transitively depend on ansi-regex v3, for which Snyk reports a ReDoS vulnerability.
It would be great to upgrade to the v4 of string-width, which uses a version of ansi-regex that has been patched (upgrading to string-width v5 is harder, as it is an ES module and so might require migrating to ESM too, which would require a major version, which then would still justify upgrading to v4 first to fix things in the existing major version)
The text was updated successfully, but these errors were encountered:
The package currently depends on v2 of
string-width, which transitively depend onansi-regexv3, for which Snyk reports a ReDoS vulnerability.It would be great to upgrade to the v4 of
string-width, which uses a version ofansi-regexthat has been patched (upgrading tostring-widthv5 is harder, as it is an ES module and so might require migrating to ESM too, which would require a major version, which then would still justify upgrading to v4 first to fix things in the existing major version)The text was updated successfully, but these errors were encountered: