Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot security update #1372

Closed
4 tasks done
ilteoood opened this issue Oct 13, 2021 · 1 comment
Closed
4 tasks done

Dependabot security update #1372

ilteoood opened this issue Oct 13, 2021 · 1 comment
Labels
bug needs triage

Comments

@ilteoood
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

Re-open discussion for: #1368

Minimum reproduction code

https://github.com/ilteoood/sesamo-backend

Steps to reproduce

Install dependabot on a nest project

Expected behavior

Security alert disappear

Package version

8.1.2

NestJS version

8.0.11

Node.js version

14.17.6

In which operating systems have you tested?

  • macOS
  • Windows
  • Linux

Other

As opposed to what @kamilmysliwiec, that package is not upgraded.
The version ^3.0.0 of ansi-regex is used by cli-table3, which is an old package released 2 years ago.

The full chain that requires ansi-regex 3.0.0 is: @nest/cli -> cli-table3 -> string-width -> strip-ansi -> ansi-regex.

Please, don't close immediately the thread. Give me at least the time for an answer
@kamilmysliwiec
Copy link
Member

We're tracking this here #1359

@nestjs nestjs locked and limited conversation to collaborators Oct 13, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug needs triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ilteoood @kamilmysliwiec