ansi-align
ansi-align copied to clipboard
nexdrew
Release version 3.0.1 with updated dependencies
Along the past 2 years greenkeeper has updated many dependencies.
Since this package has 5.7M weekly downloads, it makes sense to release a new patch version with these updated dependencies.
I encountered this when inspecting boxen's dependency tree, and string-width can't be deduped because of this.
Thanks!
I'm trying to fix a vulnerability with that needs me to bump to ansi-regex@^5.0.1.
From the npm package my ansi-align package had a "string-width": "^3.0.0".
I had to manually bump it in my yarn.lock to "string-width": "^4.1.0" to fix it (which also matched this repos package.json).
So yeah we need to release v3.0.1 with the current dependencies in package.json.
@nexdrew - Any chance this can be looked at? Is this package still being maintained?
@amitzur @kpkonghk01 @mobeigi @petewalker Apologies for the long delay, just published [email protected] that bumps the string-width dependency to semver range ^4.1.0, which will install version 4.2.3 at the time of this writing.
Please let me know if this does or does not satisfy your concerns with either de-duping or patching a security vulnerability.
I realize the current latest version of string-width is 5.0.1, but that will require a major version bump for the next release of ansi-align, so I will attempt to tackle that later.
Hi, when the update to string-width 5.0.1 will come? There is vulnerability in ansi-regex. Thanks
Also having issues here when using string-width 6.1.0
node_modules/ansi-align/index.js:3
const stringWidth = require('string-width')
^
Error [ERR_REQUIRE_ESM]: require() of ES Module node_modules/string-width/index.js from node_modules/ansi-align/index.js not supported.
Instead change the require of node_modules/string-width/index.js in node_modules/ansi-align/index.js to a dynamic import() which is available in all CommonJS modules.
at Object.<anonymous> (node_modules/ansi-align/index.js:3:21) {
code: 'ERR_REQUIRE_ESM'
}
Node.js v20.4.0
