[Security] Update yarn library ansi-regex to fix a security issue

Created on 28 September 2021, over 3 years ago
Updated 28 November 2024, 3 months ago

Problem/Motivation

web/core/yarn.lock (yarn)
=========================
Total: 3 (UNKNOWN: 0, HIGH: 3, CRITICAL: 0)

+------------+------------------+----------+-------------------+---------------+--------------------------------------+
|  LIBRARY   | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION |                TITLE                 |
+------------+------------------+----------+-------------------+---------------+--------------------------------------+
| ansi-regex | CVE-2021-3807    | HIGH     | 3.0.0             | 5.0.1, 6.0.1  | node-ansi-regex: inefficient         |
|            |                  |          |                   |               | regular expression                   |
|            |                  |          |                   |               | complexity allows for a crash        |
|            |                  |          |                   |               | -->avd.aquasec.com/nvd/cve-2021-3807 |
+            +                  +          +-------------------+               +                                      +
|            |                  |          | 4.1.0             |               |                                      |
|            |                  |          |                   |               |                                      |
|            |                  |          |                   |               |                                      |
|            |                  |          |                   |               |                                      |
+            +                  +          +-------------------+               +                                      +
|            |                  |          | 5.0.0             |               |                                      |
|            |                  |          |                   |               |                                      |
|            |                  |          |                   |               |                                      |
|            |                  |          |                   |               |                                      |
+------------+------------------+----------+-------------------+---------------+--------------------------------------+

Steps to reproduce

Proposed resolution

  • Update yarn library ansi-regex version.

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task
Status

Closed: outdated

Version

11.0 🔥

Component

javascript

Created by

vuil, Bulgaria 🇧🇬 🇪🇺 🌍

  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.
