Wrap-Ansi using vulnerable packages
Hunter343 opened this issue · 0 comments
Hunter343 commented
wrap-ansi is using packages that are vulnerable to Inefficient Regular Expression Complexity (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807). This vulnerability lives in ansi-regex 5.0.1 and has been resolved in ansi-regex 6.0.1.
wrap-ansi needs to update the dependencies string-width and strip-ansi to their current version to resolve this vulnerability