
critical: ReDoS vulnerability from inquirer v8.2.0

Open ChidanandanP opened this issue 3 years ago • 1 comments

Hi Team, there is a high vulnerability found in the ansi-regex library for Regular Expression Denial of Service (ReDoS). This library is used by inquirer v8.2.0.

Please increase the inquirer library to the latest version. A PR is already open for that; please merge it as soon as possible: https://github.com/commitizen/cz-cli/pull/874

Refer to the URLs below to find out more about the vulnerability:

https://snyk.io/advisor/npm-package/inquirer

https://snyk.io/vuln/npm:ansi-regex

ChidanandanP, Dec 16 '21 11:12

https://github.com/commitizen/cz-cli/pull/874 has been merged and a new release is out with the changes included. This can be closed.

OmgImAlexis, Jul 21 '22 02:07