Improper affected version field for CVE-2021-3807

[cardil]

Hi,

I couldn't find a place where I should raise this. The CVE-2021-3807 vulnerability in Github Advisory Database has invalid range set for affected version. It's set to <6.0.1, but should be >=6.0.0 <6.0.1 || <5.0.1. Snyk database properly shows that, see: https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908. The fix has been back ported to 5.0.1, see: chalk/ansi-regex#38 (comment).

Please change this, or point me to where I should raise this to make it adjusted.

[aeisenberg]

Thank you for reporting this. I've notified the proper team and they will be adjusting the affected versions appropriately.

[shelbyc]

Thank you both for bringing this to our attention. I've added 5.0.1 as a fixed version and added references for the backport. GHSA-93q8-gq69-wqmw should show the updates now.

[sindresorhus]

v2.1.1 and lower should also not be marked as vulnerable: chalk/ansi-regex#38 (comment)

[shelbyc]

Thank you for letting us know. I've changed the vulnerable version range to show that only versions greater than 2.1.1 are vulnerable.