Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Vulnerability around ansi-regex #372

Closed
gee4vee opened this issue Nov 16, 2021 · 3 comments
Closed

Vulnerability around ansi-regex #372

gee4vee opened this issue Nov 16, 2021 · 3 comments
Labels
stale

Comments

@gee4vee
Copy link

gee4vee commented Nov 16, 2021

https://security.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

Similar issue happening in other components. It appears npm-log is one source of vulnerability.
mapbox/node-pre-gyp#620

Dep tree for 3.8.0:

└─┬ yeoman-environment@3.8.0
  └─┬ @npmcli/arborist@4.0.4
    └─┬ @npmcli/run-script@2.0.0
      └─┬ node-gyp@8.4.0
        └─┬ npmlog@4.1.2
          └─┬ gauge@2.7.4
            └─┬ strip-ansi@3.0.1
              └── ansi-regex@2.1.1
@gee4vee gee4vee mentioned this issue Nov 16, 2021
Merged
@symphony-youness symphony-youness mentioned this issue Dec 13, 2021
Merged
6 tasks
@github-actions
Copy link
Contributor

This issue is stale because it has been open with no activity. Remove stale label or comment or this will be closed

@github-actions github-actions bot added the stale label Dec 17, 2021
@symphony-youness
Copy link

symphony-youness commented Dec 17, 2021
edited

This issue is fixed in npmlog@6.0.0. Bumping the version should fix remove the CVE.

@symphony-youness symphony-youness mentioned this issue Dec 17, 2021
Closed
@github-actions github-actions bot removed the stale label Dec 18, 2021
@github-actions
Copy link
Contributor

This issue is stale because it has been open with no activity. Remove stale label or comment or this will be closed

@github-actions github-actions bot added the stale label Jan 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gee4vee @symphony-youness