Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update strip-ansi in 4.2 to address CVE #32

Closed
woehr opened this issue Sep 23, 2021 · 1 comment
Closed

Update strip-ansi in 4.2 to address CVE #32

woehr opened this issue Sep 23, 2021 · 1 comment

Comments

@woehr
Copy link

woehr commented Sep 23, 2021

Now that strip-ansi has version 6.0.1 that addresses the CVE in its dependency of ansi-regex (chalk/strip-ansi#40; thank you!), would it be possible to update the strip-ansi dependency in version 4.2 of string-width. This is required for upstream packages that can't update to version 5 due to it being pure ESM.
@sindresorhus
Copy link
Owner

https://github.com/sindresorhus/string-width/releases/tag/v4.2.3

In the future, you can just add the ansi-regex, for example, as a dependency to be able to force a specific version.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sindresorhus @woehr