Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release version 3.0.1 with updated dependencies #61

Open
amitzur opened this issue Nov 19, 2019 · 5 comments
Open

Release version 3.0.1 with updated dependencies #61

amitzur opened this issue Nov 19, 2019 · 5 comments

Comments

@amitzur
Copy link

amitzur commented Nov 19, 2019

Along the past 2 years greenkeeper has updated many dependencies.
Since this package has 5.7M weekly downloads, it makes sense to release a new patch version with these updated dependencies.
I encountered this when inspecting boxen's dependency tree, and string-width can't be deduped because of this.

Thanks!
@mobeigi
Copy link

mobeigi commented Sep 24, 2021
edited
Loading

I'm trying to fix a vulnerability with that needs me to bump to ansi-regex@^5.0.1.

From the npm package my ansi-align package had a "string-width": "^3.0.0".
I had to manually bump it in my yarn.lock to "string-width": "^4.1.0" to fix it (which also matched this repos package.json).

So yeah we need to release v3.0.1 with the current dependencies in package.json.

@remy remy mentioned this issue Sep 24, 2021
Closed
@petewalker
Copy link

@nexdrew - Any chance this can be looked at? Is this package still being maintained?

@nexdrew
Copy link
Owner

nexdrew commented Sep 27, 2021

@amitzur @kpkonghk01 @mobeigi @petewalker Apologies for the long delay, just published ansi-align@3.0.1 that bumps the string-width dependency to semver range ^4.1.0, which will install version 4.2.3 at the time of this writing.

Please let me know if this does or does not satisfy your concerns with either de-duping or patching a security vulnerability.

I realize the current latest version of string-width is 5.0.1, but that will require a major version bump for the next release of ansi-align, so I will attempt to tackle that later.

@remy remy mentioned this issue Sep 29, 2021
Closed
@opravil-jan
Copy link

Hi,
when the update to string-width 5.0.1 will come? There is vulnerability in ansi-regex.
Thanks

@aledalgrande aledalgrande mentioned this issue Jan 4, 2022
Closed
@platzhersh
Copy link

platzhersh commented Sep 18, 2023
edited
Loading

Also having issues here when using string-width 6.1.0

node_modules/ansi-align/index.js:3
const stringWidth = require('string-width')
                    ^

Error [ERR_REQUIRE_ESM]: require() of ES Module node_modules/string-width/index.js from node_modules/ansi-align/index.js not supported.
Instead change the require of node_modules/string-width/index.js in node_modules/ansi-align/index.js to a dynamic import() which is available in all CommonJS modules.
    at Object.<anonymous> (node_modules/ansi-align/index.js:3:21) {
  code: 'ERR_REQUIRE_ESM'
}

Node.js v20.4.0

@platzhersh platzhersh mentioned this issue Sep 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@amitzur @petewalker @platzhersh @nexdrew @opravil-jan @mobeigi