dependabot npm(deps): bump ansi-regex from 5.0.1 to 6.0.1

Kai Kretschmann requested to merge dependabot-npm_and_yarn-ansi-regex-6.0.1 into master

Bumps ansi-regex from 5.0.1 to 6.0.1.

Release notes

Sourced from ansi-regex's releases.

v6.0.1

Fixes

  • Fix ReDoS in certain cases (#37)

You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v6.0.0...v6.0.1

Thank you @yetingli for the patch and reproduction case!

v6.0.0

Breaking

  • Require Node.js 12 1b337ad
  • This package is now pure ESM. Please read this.

https://github.com/chalk/ansi-regex/compare/v5.0.0...v6.0.0
