prettier-eslint icon indicating copy to clipboard operation
prettier-eslint copied to clipboard

Published 20 hours ago verified publisher icon prettier

Audit Fail due to an used package

Open santhoshsk1918 opened this issue 3 years ago • 6 comments

Versions:

  • prettier-eslint version: 13.0.0
  • node version: 12.14.1

Problem description: Audit is failing due to package used pretty-format

Screenshot 2021-10-13 at 4 12 26 AM

Suggested solution: update package.json

santhoshsk1918 avatar Oct 12 '21 22:10 santhoshsk1918

The earliest patched version of ansi-regex is 5.0.1. This is fixed in pretty-format >= 25.1.0 (which requires ansi-regex ^5.0.0).

internalsystemerror avatar Dec 18 '21 12:12 internalsystemerror

Any updates on this? My CICD is failing because of this issue.

dfrankes avatar Jan 25 '22 13:01 dfrankes

In the meantime, my team has been using https://github.com/IBM/audit-ci. The tool allows us to continue auditing our dependencies as part of our CICD pipeline, but we can allow certain advisories so they don't cause the pipeline to fail.

Towerism avatar Feb 28 '22 20:02 Towerism

My company is ALSO concerned about this vulnerability. Is it possible to switch to using something other than the now archived loglevel-colored-level-prefix tool that is locked in on a very old chalk?

heath-freenome avatar Jun 24 '22 21:06 heath-freenome

@kentcdodds do you know of an alternative to your now archived loglevel-colored-level-prefix library that I can use to make a PR to remove this issue?

zmagauina-fn avatar Aug 08 '22 20:08 zmagauina-fn

I'm afraid no.

kentcdodds avatar Aug 08 '22 22:08 kentcdodds

@kentcdodds would it be worth converting this over to using Chalk? Or maybe removing this package and functionality so it will not have a color? I'm happy to do this if you would like.

jenniferabowd avatar Oct 02 '22 20:10 jenniferabowd

Stale issue

github-actions[bot] avatar Dec 16 '22 00:12 github-actions[bot]