CVE-2021-3807: Inefficient Regular Expression Complexity in chalk/ansi-regex
fredkilbourn opened this issue · 4 comments
Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
@discordjs/opus@0.6.0 requires ansi-regex@^3.0.0 via a transitive dependency on strip-ansi@4.0.0
Need to update dependencies to non-vulnerable versions to resolve. This is triggering dependabot alerts on my repo due to including this project.
Updating ansi-regex to v5.0.1 https://github.com/chalk/ansi-regex/releases/tag/v5.0.1 will resolve this vulnerability.
Or https://github.com/chalk/ansi-regex/releases/tag/v6.0.1 if you're comfortable with it changing to an ESM module.
bump?
Sorry - looks like this is actually coming from pretty far upstream so I'll go bother them and leave you alone.