Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade ora in cli-types #1507

Closed
jcoyne opened this issue Nov 15, 2021 · 4 comments
Closed

Upgrade ora in cli-types #1507

jcoyne opened this issue Nov 15, 2021 · 4 comments

Comments

@jcoyne
Copy link

jcoyne commented Nov 15, 2021

Description

ora version 3 pulls in a vulnerable version of strip-ansi (v4).
https://github.com/react-native-community/cli/blob/master/packages/cli-types/package.json#L9

This dependency is fixed in ora version 6: sindresorhus/ora@090860b

@djc
Copy link

djc commented Nov 25, 2021

Note that ora is used in all of cli, cli-types and platform-ios.

I looked at upgrading it in cli, but it seems the ora.Ora class used here is no longer exported, so I'm not sure how that should be solved (I'm not that experienced with the Node ecosystem/TypeScript). If anyone has a pointer how that should be done, I'm happy to try and fix that.

@stianjensen
Copy link
Contributor

I believe I've fixed most of that here, but I still have a few test failures to figure out:
#1522

@stianjensen
Copy link
Contributor

Fixed with #1522

@github-actions
Copy link

There hasn't been any activity on this issue in the past 3 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 7 days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants