Skip to content
This repository has been archived by the owner on Nov 12, 2024. It is now read-only.

Bump ansi-regex from 5.0.1 to 6.0.1 #1213

Closed
wants to merge 1 commit into from
Closed

Bump ansi-regex from 5.0.1 to 6.0.1 #1213

wants to merge 1 commit into from
+89 −9

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 1, 2022
edited
Loading

Bumps ansi-regex from 5.0.1 to 6.0.1.

Release notes

Sourced from ansi-regex's releases.

v6.0.1

Fixes

  • Fix ReDoS in certain cases (#37) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.

CVE-2021-3807

chalk/ansi-regex@v6.0.0...v6.0.1

Thank you @​yetingli for the patch and reproduction case!

v6.0.0

Breaking

  • Require Node.js 12 1b337ad
  • This package is now pure ESM. Please read this.

chalk/ansi-regex@v5.0.0...v6.0.0

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 1, 2022
@dependabot dependabot bot requested review from apupier and joshiraez August 1, 2022 11:04
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 4 times, most recently from 27f8f26 to c09724f Compare August 9, 2022 16:00
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 4 times, most recently from b670f6d to 84c3f5e Compare August 29, 2022 05:07
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 3 times, most recently from 691a6a0 to 1338791 Compare August 31, 2022 14:01
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 4 times, most recently from 392de47 to c3fd0eb Compare September 13, 2022 18:59
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 5 times, most recently from f422983 to 6cedfcb Compare September 28, 2022 09:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 4 times, most recently from 180957a to 33caf6e Compare October 12, 2022 07:28
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 3 times, most recently from 0875da2 to a1277ba Compare October 19, 2022 11:55
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 4 times, most recently from 01de20e to 668c4fb Compare December 1, 2022 12:34
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch from 668c4fb to 7c5db7d Compare December 9, 2022 09:50
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 2 times, most recently from 5ec19d0 to bfc0cc5 Compare December 22, 2022 11:10
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 3 times, most recently from 9ce9eec to 74c053e Compare January 3, 2023 12:21
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 3 times, most recently from 1de2413 to a548e8f Compare January 16, 2023 13:26
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch from a548e8f to 60e00a0 Compare January 20, 2023 08:56
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 3 times, most recently from 5c0531b to c5aa68c Compare February 2, 2023 09:49
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 2 times, most recently from 594d259 to 2b3cb09 Compare March 2, 2023 07:50
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch 2 times, most recently from 548cb5d to d9f3197 Compare March 14, 2023 08:10
@dependabot
Bump ansi-regex from 5.0.1 to 6.0.1
e4ee03e 
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.1 to 6.0.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](chalk/ansi-regex@v5.0.1...v6.0.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch from d9f3197 to e4ee03e Compare March 20, 2023 08:25
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@unsortedhashsets unsortedhashsets added the invalid This doesn't seem right label Jul 19, 2023
@unsortedhashsets unsortedhashsets self-assigned this Aug 15, 2023
@unsortedhashsets unsortedhashsets removed their assignment Oct 20, 2023
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 10, 2024

Superseded by #1897.

@dependabot dependabot bot closed this Sep 10, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/ansi-regex-6.0.1 branch September 10, 2024 11:49
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@apupier apupier Awaiting requested review from apupier

@joshiraez joshiraez Awaiting requested review from joshiraez

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@unsortedhashsets