advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard

Published 20 hours ago verified publisher icon github

GHSA-93q8-gq69-wqmw needs updating

Open G-Rath opened this issue 3 years ago • 2 comments

I can't submit this via the standard way as the advisory doesn't exist in this database yet due to #19.

4.1.1 was published to fix GHSA-93q8-gq69-wqmw for the 4.x line: https://github.com/chalk/ansi-regex/pull/46

So the affected versions should be updated to be:

image

G-Rath avatar Mar 13 '22 21:03 G-Rath

Thanks @G-Rath, I'll circle back to the team on this.

KateCatlin avatar Mar 14 '22 19:03 KateCatlin

While we are still working on finding a better way to handle the > operator in general, GHSA-93q8-gq69-wqmw is included in a list of advisories that we think can be updated to avoid using >. Hopefully we can get this one republished soon with an updated version range for ansi-regex.

chrisbloom7 avatar Mar 15 '22 18:03 chrisbloom7

hi @G-Rath 👋 I wanted to follow up on this issue and see if this still needs to be addressed in the advisory. another community contribution came in after your initial issue as well that might have addressed some of your feedback.

here's what is currently listed in the advisory: Screen Shot 2022-08-16 at 3 04 11 PM

how does the 2.1.1 version range you originally brought up in this issue fit into this? can you provide a public reference or link to it?

taladrane avatar Aug 16 '22 19:08 taladrane

@taladrane this has now been resolved :)

G-Rath avatar Aug 16 '22 19:08 G-Rath

thanks for the feedback @G-Rath! 😄

taladrane avatar Aug 16 '22 19:08 taladrane