Moderate severity issue in dependency (ansi-regex) #291

Closed
tneullas opened this issue Nov 15, 2021 · 2 comments

@tneullas

Hello, since last month there has been a moderate severity vulnerability in the plop package that is coming from the ora > strip-ansi > ansi-regex dependency.

Would you consider updating the ora package, as the version is really outdated (currently it's 6.0.1)?

See GHSA-93q8-gq69-wqmw for more information on the security issue.

@Pike
Contributor

Pike commented Nov 22, 2021

ora moved over to ESM-only, so this isn't as trivial as one would hope.

@crutchcorn
Member

crutchcorn commented Nov 22, 2021

@Pike, you're 100% right and this is why we didn't update originally. I was originally going to wait for e2e tests before introducing them, but I ought to switch things over sooner than later. I'll work on some E2E tests and fix things tonight, alongside an update.

I just saw your commit tho - Looks good for the most part (altho we would like to keep that export if we can). If it's okay, can I cherry-pick for part of my fix? EDIT: Just saw PR
