Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability in nested ansi-regex package #384

Open
cm185288 opened this issue Oct 4, 2021 · 4 comments
Open

Security vulnerability in nested ansi-regex package #384

cm185288 opened this issue Oct 4, 2021 · 4 comments

Comments

@cm185288
Copy link

cm185288 commented Oct 4, 2021
edited
Loading

Found a security vulnerability in the ansi-regex package, which is a nested dependency from the yargs package.

Here's the relevant vulnerability page from NVD: https://nvd.nist.gov/vuln/detail/CVE-2021-3807

Has been updated in Yargs 17.2.1
@mhamann
Copy link
Collaborator

mhamann commented Oct 4, 2021

Thanks for reporting. I'd just noticed this vulnerability as well in some other packages earlier today.

@robbysamtech
Copy link

Hi there - Do we know if there is a ETA for this to be fixed?

@mhamann
Copy link
Collaborator

mhamann commented Oct 22, 2021

@robbysamtech it's on my to-do list for next week!

@makiri1993
Copy link

Hey 👋
Any news on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mhamann @robbysamtech @makiri1993 @cm185288