Depends on vulnerable versions of strip-ansi

Question

Depends on vulnerable versions of strip-ansi

Closed this issue 3 years ago · 1 comments

Getting this from npm audit fix:

# npm audit report

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install @soda/friendly-errors-webpack-plugin@1.7.1, which is a breaking change
node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/strip-ansi
    @soda/friendly-errors-webpack-plugin  >=1.8.0
    Depends on vulnerable versions of strip-ansi
    node_modules/@soda/friendly-errors-webpack-plugin

I think it just needs strip-ansi dependency updated to ^6 but haven't tested.

Answer 1 · 2021-10-21T19:38:49.000Z

I think string-width needs updating to >= 4.2.3 also:

https://github.com/sodatea/friendly-errors-webpack-plugin/blob/master/package.json#L71

sindresorhus/string-width@e7a2755