Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

npm still contains vulnerable versions of ansi-regex #40761

Closed
f2404 opened this issue Nov 8, 2021 · 1 comment
Closed

npm still contains vulnerable versions of ansi-regex #40761

f2404 opened this issue Nov 8, 2021 · 1 comment
Labels
wrong repo Issues that should be opened in another repository.

Comments

@f2404
Copy link

f2404 commented Nov 8, 2021

Version

No response

Platform

No response

Subsystem

No response

What steps will reproduce the bug?

No response

How often does it reproduce? Is there a required condition?

No response

What is the expected behavior?

No response

What do you see instead?

No response

Additional information

Following this bug report: nodejs/docker-node#1574 (comment)

npm 8.1.0 continues to install vulnerable versions of ansi-regex package - namely, @5.0.0, @2.1.1, and @3.0.0 - which results in the base Docker image being flagged by container security software.

Would it be possible to upgrade all dependencies to use ansi-regex@5.0.1?
Thanks!
@Mesteery Mesteery added the wrong repo Issues that should be opened in another repository. label Nov 8, 2021
@Mesteery
Copy link
Member

Mesteery commented Nov 8, 2021

This should be opened on https://github.com/npm/cli/issues.

@Mesteery Mesteery closed this as completed Nov 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wrong repo Issues that should be opened in another repository.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@f2404 @Mesteery