Cut a new release to solve security issues in dependency chains
vpetkar opened this issue · 1 comment
vpetkar commented
There are security vulnerabilities in ansi-regex <3.0.0. It appears that this has already been fixed on master, so all that is required is cutting a new release to npm.
dylanlan commented
We'd also be interested in this - we're running into the same vulnerability warning from Snyk.
We have considered trying to use a Yarn Resolution to indirectly upgrade the ansi-regex version that gets used: https://classic.yarnpkg.com/lang/en/docs/selective-version-resolutions/
It'd be nice to just use a new version of this package instead, though.