
CVE-2021-3807 Resolution #5

@fredkilbourn


Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity

GHSA-93q8-gq69-wqmw

This is coming from upstream but the fixes are just now reaching this level:

```
├ @discordjs/node-pre-gyp@0.4.2
└─┬ npmlog@5.0.1
  └─┬ gauge@3.0.1
    ├─┬ string-width@2.1.1
    │ └── strip-ansi@4.0.0 deduped
    ├─┬ strip-ansi@4.0.0
    │ └── ansi-regex@3.0.0
    └─┬ wide-align@1.1.5
      └── string-width@2.1.1 deduped
```

npmlog v5 is vulnerable, but npmlog v6 is now using the fixed upstream packages and is no longer vulnerable.

This commit in https://github.com/mapbox/node-pre-gyp now starts using npmlog v6: mapbox@ef8f171

I don't know if you guys are forking from main or waiting for release tags, but you should be able to integrate this fix now/soon.
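The dependency chain quoted in the issue is the kind of thing a maintainer wants to confirm mechanically rather than by reading `npm ls` output by eye. The script below is an added example, not code from the issue author or the discordjs project: it walks an `npm ls --all --json`-style tree and reports every path that reaches a named package in a version the caller flags as affected. The tree is constructed by hand to mirror the chain above (deduped entries carry no nested `dependencies`, as in real `npm ls --json` output); the only version hard-coded as affected is the ansi-regex@3.0.0 the issue reports, and the `isAffected` predicate is a hypothetical hook where a real run would plug in the advisory's version ranges.

```javascript
// Added example (not from the issue or the project): locate dependency paths
// that end in an affected package version inside an `npm ls --json` tree.

// Constructed sample tree mirroring the chain quoted in the issue.
const sampleTree = {
  name: 'my-app',
  version: '1.0.0',
  dependencies: {
    '@discordjs/node-pre-gyp': {
      version: '0.4.2',
      dependencies: {
        npmlog: {
          version: '5.0.1',
          dependencies: {
            gauge: {
              version: '3.0.1',
              dependencies: {
                // "deduped" in npm ls: the entry has no nested dependencies
                'string-width': { version: '2.1.1', dependencies: { 'strip-ansi': { version: '4.0.0' } } },
                'strip-ansi': { version: '4.0.0', dependencies: { 'ansi-regex': { version: '3.0.0' } } },
                'wide-align': { version: '1.1.5', dependencies: { 'string-width': { version: '2.1.1' } } },
              },
            },
          },
        },
      },
    },
  },
};

// Depth-first walk over the tree. `isAffected(version)` is a hypothetical
// predicate supplied by the caller; every match is returned as a
// "name@version > name@version > ..." path from the root.
function findAffected(tree, pkgName, isAffected) {
  const hits = [];
  function walk(node, path) {
    for (const [name, child] of Object.entries(node.dependencies || {})) {
      const here = [...path, `${name}@${child.version}`];
      if (name === pkgName && isAffected(child.version)) hits.push(here.join(' > '));
      walk(child, here);
    }
  }
  walk(tree, []);
  return hits;
}

// Only the version the issue names is flagged here; a real check would use
// the advisory's ranges (e.g. via the semver package) instead of this set.
const affectedVersions = new Set(['3.0.0']);
const hits = findAffected(sampleTree, 'ansi-regex', (v) => affectedVersions.has(v));

console.log(hits.length ? hits.join('\n') : 'no affected ansi-regex found');
```

To run it against a real project, replace `sampleTree` with `JSON.parse` of the output of `npm ls --all --json`; an empty result after bumping to npmlog v6 is the confirmation that the fixed upstream chain is actually what got installed.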
