fix: replace ansi-html with ansi-html-community to fix vulnerability

This is a fix for the vulnerability reported in [CVE-2021-23424][CVE] by replacing the ansi-html dependency with a fork of the project that has the [suggested fix][ansi-html-fix] and resolves [webpack-contrib#412][412] [CVE]: https://nvd.nist.gov/vuln/detail/CVE-2021-23424 [ansi-html-fix]: Tjatse/ansi-html#19 [412]: webpack-contrib#412
nttibbetts · Sep 9, 2021 · adeeade · adeeade
1 parent f0ffa4c
commit adeeade
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 7 deletions.
diff --git a/README.md b/README.md
@@ -91,7 +91,7 @@ Configuration options can be passed to the client by adding querystring paramete
 * **quiet** - Set to `true` to disable all console logging.
 * **dynamicPublicPath** - Set to `true` to use webpack `publicPath` as prefix of `path`. (We can set `__webpack_public_path__` dynamically at runtime in the entry point, see note of [output.publicPath](https://webpack.js.org/configuration/output/#output-publicpath))
 * **autoConnect** - Set to `false` to use to prevent a connection being automatically opened from the client to the webpack back-end - ideal if you need to modify the options using the `setOptionsAndConnect` function
-* **ansiColors** - An object to customize the client overlay colors as mentioned in the [ansi-html](https://github.com/Tjatse/ansi-html/blob/99ec49e431c70af6275b3c4e00c7be34be51753c/README.md#set-colors) package.
+* **ansiColors** - An object to customize the client overlay colors as mentioned in the [ansi-html-community](https://github.com/mahdyar/ansi-html-community#set-colors) package.
 * **overlayStyles** - An object to let you override or add new inline styles to the client overlay div.
 * **overlayWarnings** - Set to `true` to enable client overlay on warnings in addition to errors.
 

diff --git a/client-overlay.js b/client-overlay.js
@@ -21,7 +21,7 @@ var styles = {
   textAlign: 'left',
 };
 
-var ansiHTML = require('ansi-html');
+var ansiHTML = require('ansi-html-community');
 var colors = {
   reset: ['transparent', 'transparent'],
   black: '181818',

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -26,7 +26,7 @@
   "author": "Glen Mailer <glen@stainlessed.co.uk>",
   "license": "MIT",
   "dependencies": {
-    "ansi-html": "0.0.7",
+    "ansi-html-community": "0.0.8",
     "html-entities": "^2.1.0",
     "querystring": "^0.2.0",
     "strip-ansi": "^6.0.0"