Upgrade ora in cli-types

Open jcoyne opened this issue 3 years ago • 3 comments

Description

ora version 3 pulls in a vulnerable version of strip-ansi (v4).
https://github.com/react-native-community/cli/blob/master/packages/cli-types/package.json#L9

This dependency is fixed in ora version 6: https://github.com/sindresorhus/ora/commit/090860b50257f75f02dd5cd76b76025ca95311f0

jcoyne avatar Nov 15 '21 16:11 jcoyne

Note that ora is used in all of cli, cli-types and platform-ios.

I looked at upgrading it in cli, but it seems the ora.Ora class used here is no longer exported, so I'm not sure how that should be solved (I'm not that experienced with the Node ecosystem/TypeScript). If anyone has a pointer on how that should be done, I'm happy to try and fix that.

djc avatar Nov 25 '21 00:11 djc

I believe I've fixed most of that here, but I still have a few test failures to figure out: https://github.com/react-native-community/cli/pull/1522

stianjensen avatar Jan 17 '22 01:01 stianjensen

Fixed with #1522

stianjensen avatar Jan 24 '22 14:01 stianjensen

There hasn't been any activity on this issue in the past 3 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 7 days.

github-actions[bot] avatar Nov 26 '22 03:11 github-actions[bot]