cli
Update strip-ansi due to security vulnerability about ansi-regex(v4.1.0)
Description
The cli package specifies strip-ansi 5.2.0. This version pulls in a vulnerable version of ansi-regex. Can strip-ansi be upgraded to 6.x or 7.x?
https://github.com/react-native-community/cli/blob/master/packages/cli/package.json#L55
See:
- https://github.com/jest-community/jest-junit/pull/188
- https://github.com/chalk/strip-ansi/issues/40
Feel free to submit a PR with a fix. I'd be happy to merge it :)
@thymikee I don't actually use react-native, it only ended up in my bundle by way of an indirect dependency (https://github.com/aws-amplify/amplify-js/issues/9119). So, while I can make this change, I have no way of testing that it still works.
This is due to https://github.com/zamotany/logkitty/issues/32 for https://github.com/react-native-community/cli/blob/master/packages/platform-android/package.json, and due to the use of [email protected] which can be updated to v6.0.1 in https://github.com/react-native-community/cli/blob/master/packages/platform-ios/package.json, and the direct use of [email protected] in https://github.com/react-native-community/cli/blob/master/packages/cli/package.json
Any updates on this? It's still using 4.1.0 with a security vulnerability, and ora and ws must also be updated to a newer version.
There hasn't been any activity on this issue in the past 3 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 7 days.
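
To confirm which installed package still resolves the ansi-regex 4.1.0 reported in this issue, the lockfile can be walked directly. This is an added example, not code from the react-native-community/cli project; the lockfile contents and the `example-cli` package are constructed, and the function names are hypothetical.

```javascript
// Constructed npm lockfile (v2 "packages" layout); `example-cli` is hypothetical.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "app", dependencies: { "example-cli": "1.0.0", "strip-ansi": "6.0.1" } },
    "node_modules/example-cli": { version: "1.0.0", dependencies: { "strip-ansi": "^5.2.0" } },
    "node_modules/example-cli/node_modules/strip-ansi": { version: "5.2.0", dependencies: { "ansi-regex": "^4.1.0" } },
    "node_modules/example-cli/node_modules/ansi-regex": { version: "4.1.0" },
    "node_modules/strip-ansi": { version: "6.0.1", dependencies: { "ansi-regex": "^5.0.1" } },
    "node_modules/ansi-regex": { version: "5.0.1" },
  },
};

// Node-style resolution: nearest node_modules/<dep> walking up from the requiring package.
function resolveDep(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the project root without finding it
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// List every installed copy of `name` at a flagged version, with the packages that resolve to it.
function findFlagged(lock, name, flaggedVersions) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.endsWith("node_modules/" + name)) continue;
    if (!flaggedVersions.includes(meta.version)) continue;
    const requiredBy = [];
    for (const [parentPath, parent] of Object.entries(packages)) {
      const deps = { ...parent.dependencies, ...parent.devDependencies, ...parent.optionalDependencies };
      if (!(name in deps) || resolveDep(packages, parentPath, name) !== path) continue;
      const parentName = parentPath ? parentPath.split("node_modules/").pop() : parent.name || "(root)";
      requiredBy.push({ name: parentName, version: parent.version || null, range: deps[name] });
    }
    hits.push({ path, version: meta.version, requiredBy });
  }
  return hits;
}

// 4.1.0 is the ansi-regex version this issue reports as vulnerable.
console.log(JSON.stringify(findFlagged(sampleLock, "ansi-regex", ["4.1.0"]), null, 2));
```

The `requiredBy` list names the package whose version range must change, which is the information needed to decide whether the fix belongs in this repository or in an upstream dependency.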