Update strip-ansi due to security vulnerability about ansi-regex(v4.1.0)

[jcoyne]

Description

The cli package specifies strip-ansi 5.2.0. This version pulls in a vulnerable version of ansi-regex. Can strip-ansi be upgraded to 6.x or 7.x?

https://github.com/react-native-community/cli/blob/master/packages/cli/package.json#L55

See:

• Fix CG by updating strip-ansi from 5.2.0 to 6.0.1 jest-community/jest-junit#188
• Update ansi-regex in version 6 chalk/strip-ansi#40

[thymikee]

Feel free to submit a PR with a fix. I'd be happy to merge it :)

[jcoyne]

@thymikee I don't actually use react-native, it only ended up in my bundle by way of a indirect dependency (aws-amplify/amplify-js#9119). So, while I can make this change. I have no way of testing that it still works.

[tex0l]

This is due to zamotany/logkitty#32 for https://github.com/react-native-community/cli/blob/master/packages/platform-android/package.json, and due to the use of ora@3.4.0 which can be updated to v6.0.1 in https://github.com/react-native-community/cli/blob/master/packages/platform-ios/package.json, and the direct use of strip-ansi@5.2.0 in https://github.com/react-native-community/cli/blob/master/packages/cli/package.json

[Brma1048]

Any updates on this? It's still using 4.1.0 with security vulnerability
and ora and ws must also be updatet to a newer version

[github-actions]

There hasn't been any activity on this issue in the past 3 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 7 days.