Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
GHSA-93q8-gq69-wqmw
This is coming from upstream but the fixes are just now reaching this level:
├ @discordjs/node-pre-gyp@0.4.2
└─┬ npmlog@5.0.1
└─┬ gauge@3.0.1
├─┬ string-width@2.1.1
│ └── strip-ansi@4.0.0 deduped
├─┬ strip-ansi@4.0.0
│ └── ansi-regex@3.0.0
└─┬ wide-align@1.1.5
└── string-width@2.1.1 deduped
npmlog v5 is vulnerable, but npmlog v6 is now using the fixed upstream packages and is no longer vulnerable.
This commit in https://github.com/mapbox/node-pre-gyp now starts using npmlog v6: mapbox@ef8f171
I don't know if you guys are forking from main or waiting for release tags, but you should be able to integrate this fix now/soon.
Inefficient Regular Expression Complexity in chalk/ansi-regex
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
GHSA-93q8-gq69-wqmw
This is coming from upstream but the fixes are just now reaching this level:
npmlog v5 is vulnerable, but npmlog v6 is now using the fixed upstream packages and is no longer vulnerable.
This commit in https://github.com/mapbox/node-pre-gyp now starts using npmlog v6: mapbox@ef8f171
I don't know if you guys are forking from main or waiting for release tags, but you should be able to integrate this fix now/soon.