You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[x] latest
[ ] @next
[ ] 0.x.x (or put your version here)
Snyk is reporting an issue with ansi-regex, which is a transitive dependency
Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by typeorm@0.2.32 > yargs@16.2.0 > string-width@4.2.0 > strip-ansi@6.0.0 > ansi-regex@5.0.0 and 11 other path(s)
This issue was fixed in versions: 6.0.1
The text was updated successfully, but these errors were encountered:
Looks like ansi-regex released a patch 5.0.1 and snyk now throws this error for the transitive dependency in my project
Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@5.0.0
introduced by typeorm@0.2.32 > yargs@16.2.0 > string-width@4.2.0 > strip-ansi@6.0.0 > ansi-regex@5.0.0 and 9 other path(s)
This issue was fixed in versions: 6.0.1, 5.0.1
On the upside there is activity at yargs to try and patch this yargs/yargs#1839 now that string-width, strip-ansi and ansi-regex have patched it already. Once yargs patches it, it should make patching it here easier.
Issue type:
[x] question
[ ] bug report
[ ] feature request
[ ] documentation issue
TypeORM version:
[x] latest
[ ] @next
[ ] 0.x.x (or put your version here)
Snyk is reporting an issue with ansi-regex, which is a transitive dependency
Issues with no direct upgrade or patch:
✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908] in ansi-regex@2.1.1
introduced by typeorm@0.2.32 > yargs@16.2.0 > string-width@4.2.0 > strip-ansi@6.0.0 > ansi-regex@5.0.0 and 11 other path(s)
This issue was fixed in versions: 6.0.1
The text was updated successfully, but these errors were encountered: