This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

chore(deps): Bump ansi-regex and replace ansi-html #350

Merged: 3 commits, Oct 4, 2021

mayank99 (Contributor) commented Oct 4, 2021

Force bumped ansi-regex to 5.0.1 because build was failing. Fixes GHSA-93q8-gq69-wqmw. Tried 6.0.1 but it uses ESM so it didn't work (see https://github.com/chalk/ansi-regex/releases/tag/v6.0.0). 5.0.1 is the most recent version that's not vulnerable.

Also replaced ansi-html with ansi-html-community by force bumping react-refresh-webpack-plugin. Fixes GHSA-whgm-jr23-g3j9 (see Tjatse/ansi-html#19).

Checklist

  • Add meaningful unit tests for your component (verify that all lines are covered)
  • Verify that all existing tests pass
  • Add component features demo in Storybook (different stories)
  • Approve test images for new stories
  • Add screenshots of the key elements of the component
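
A check a reviewer could run after a forced bump like the one described in this PR, to confirm no nested copy of the old packages survived. This is an added example, not code from this pull request or repository: it assumes an npm lockfile (`lockfileVersion` 2 or 3), uses a constructed sample lockfile, and takes 5.0.1 as the required minimum for ansi-regex because that is the version the PR description settles on.

```javascript
// Policy taken from the PR description: every ansi-regex copy must be >= 5.0.1
// and ansi-html must be gone (replaced by ansi-html-community).
const MIN_ANSI_REGEX = "5.0.1";

// Compare two plain x.y.z versions; returns <0, 0 or >0.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Walk the "packages" map of an npm lockfile, where each key is an install
// path such as "node_modules/a/node_modules/ansi-regex". Nested paths matter:
// a forced bump at the top level does not help if a transitive copy remains.
function auditLock(lock) {
  const marker = "node_modules/";
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1 || !entry.version) continue; // root entry or link without version
    const name = path.slice(idx + marker.length);
    if (name === "ansi-regex" && compareVersions(entry.version, MIN_ANSI_REGEX) < 0) {
      findings.push({ path, name, version: entry.version, reason: `below ${MIN_ANSI_REGEX}` });
    } else if (name === "ansi-html") {
      findings.push({ path, name, version: entry.version, reason: "replace with ansi-html-community" });
    }
  }
  return findings;
}

// Constructed sample lockfile (hypothetical; not this repository's real one).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/ansi-regex": { version: "5.0.1" },
    "node_modules/strip-ansi/node_modules/ansi-regex": { version: "4.1.0" },
    "node_modules/ansi-html": { version: "0.0.7" },
    "node_modules/ansi-html-community": { version: "0.0.8" },
  },
};

console.log(auditLock(sampleLock));
```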

mayank99 added the "dependencies" label (Pull requests that update a dependency file) Oct 4, 2021
mayank99 changed the title from "chore(deps): Bump ansi-regex to 5.0.1" to "chore(deps): Bump ansi-regex and replace ansi-html" Oct 4, 2021
mayank99 marked this pull request as ready for review October 4, 2021 13:21
mayank99 requested a review from a team as a code owner October 4, 2021 13:21
mayank99 requested review from a team, bentleyvk and gretanausedaite and removed request for a team October 4, 2021 13:21
mayank99 merged commit b389bbb into main Oct 4, 2021
mayank99 deleted the mayank/ansi-regex-vulnerability branch October 4, 2021 13:33
mayank99 added a commit to iTwin/iTwinUI that referenced this pull request Dec 21, 2022
…ct#350)

Force bumped ansi-regex and react-refresh-webpack-plugin, replaced ansi-html with ansi-html-community.