dependabot npm(deps): bump ansi-regex from 5.0.1 to 6.0.1 (!7) · Merge requests · kgroup / bintra

Kai Kretschmann requested to merge dependabot-npm_and_yarn-ansi-regex-6.0.1 into master Jan 06, 2022

Bumps ansi-regex from 5.0.1 to 6.0.1.

Release notes

v6.0.1

Fixes

Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

https://github.com/chalk/ansi-regex/compare/v6.0.0...v6.0.1

Thank you @yetingli for the patch and reproduction case!

v6.0.0

Breaking

Require Node.js 12 1b337ad

This package is now pure ESM. Please read this.

https://github.com/chalk/ansi-regex/compare/v5.0.0...v6.0.0

Commits

d908492 6.0.1
8d1d7cd Fix potential ReDoS (#37)
c1b5e45 6.0.0
1b337ad Require Node.js 12 and move to ESM
See full diff in compare view

dependabot npm(deps): bump ansi-regex from 5.0.1 to 6.0.1

v6.0.1

Fixes

v6.0.0

Breaking

Merge request reports