
[Feature]: upgrade chalk to v5.6.2

Open jessica-srivastava99 opened this issue 1 month ago • 2 comments

🚀 Feature Proposal

[Feature]: chalk was recently compromised in version 5.6.1. We are upgrading all vulnerable packages and we need to upgrade it to 5.6.2; however, you are still using ^4.

Motivation

Since chalk 5.6.1 was a compromised package, we need an upgrade.

Example

No response

Pitch

As it is a dependent package

jessica-srivastava99 avatar Nov 25 '25 20:11 jessica-srivastava99

This happens because chalk@5 exposes ESM entrypoints only, which cannot be loaded through require() inside Jest’s CommonJS modules.

Why This Cannot Be Upgraded Right Now

  • Jest is not fully migrated to ESM internally.
  • Several core packages (jest-runtime, jest-resolve, jest-core, jest-config, jest-circus, jest-snapshot, etc.) still require Chalk through CommonJS.
  • Updating to Chalk v5 would require a large-scale Jest-wide ESM migration, which is outside the scope of a dependency bump.

Conclusion

Chalk v5 cannot be used until Jest's internal packages support ESM. The dependency must remain on chalk@^4.1.2 for now.

Suggested Action

Mark this issue as blocked until Jest’s ESM migration progresses.

wcr-karan avatar Nov 26 '25 07:11 wcr-karan

Note that only v5.6.1 was compromised, so v4 versions of Chalk are not vulnerable and don't need updating.

G-Rath avatar Nov 28 '25 19:11 G-Rath
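
A check that follows from the last comment, as an added example (not code from the Jest or Chalk projects): it scans a parsed package-lock.json for any resolved copy of chalk at exactly 5.6.1, so a tree that only carries chalk 4.x reports nothing. The lockfile objects and the `some-cli` package are constructed sample data, and the function names are hypothetical.

```javascript
// Added example. The name and version flagged here come from the issue thread.
const COMPROMISED = { name: 'chalk', version: '5.6.1' };

// lockfileVersion 2/3: flat "packages" map keyed by install path, e.g.
// "node_modules/some-cli/node_modules/chalk". The "" key is the root project.
function scanPackagesMap(packages, bad, hits) {
  const marker = 'node_modules/';
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project or workspace folder
    // meta.name is only present for aliased installs; otherwise use the path tail
    const name = meta.name || path.slice(idx + marker.length); // keeps "@scope/pkg"
    if (name === bad.name && meta.version === bad.version) hits.push(path);
  }
}

// lockfileVersion 1: nested "dependencies" tree keyed by package name.
function scanDependencyTree(deps, prefix, bad, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === bad.name && meta.version === bad.version) hits.push(path);
    scanDependencyTree(meta.dependencies, `${path}/`, bad, hits);
  }
}

// Returns the install paths of every copy pinned to the flagged version.
function findCompromised(lock, bad = COMPROMISED) {
  const hits = [];
  if (lock.packages) scanPackagesMap(lock.packages, bad, hits);
  else scanDependencyTree(lock.dependencies, '', bad, hits);
  return hits;
}

// Constructed sample: a top-level chalk 4.1.2 (the line Jest stays on) plus a
// nested 5.6.1 pulled in by a hypothetical package "some-cli".
const sampleLockV3 = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0' },
  'node_modules/chalk': { version: '4.1.2' },
  'node_modules/some-cli': { version: '2.0.0' },
  'node_modules/some-cli/node_modules/chalk': { version: '5.6.1' },
} };
const sampleLockV1 = { lockfileVersion: 1, dependencies: {
  chalk: { version: '4.1.2' },
  'some-cli': { version: '2.0.0', dependencies: { chalk: { version: '5.6.1' } } },
} };

console.log(findCompromised(sampleLockV3), findCompromised(sampleLockV1));
```

To run it against a real project, pass the result of `JSON.parse` on that project's package-lock.json to `findCompromised`.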