Vulnerability warnings with ansi-regex and minimist

I’m seeing a few vulnerability warnings after installing 3.3.0, namely with ansi-regex and minimist.

Issue Analytics

  • State: open
  • Created a year ago
  • Reactions: 29
  • Comments: 11 (3 by maintainers)

Top GitHub Comments

2 reactions
stevensacks commented, Jul 26, 2022

Hold up. Let’s clarify something. Your message read to me like you were a maintainer of this project, which meant you took time to reply on a thread giving an excuse why you weren’t going to release an update to resolve a vulnerability, when actually resolving it would have taken less time. If that was what happened, that would have been undeniably bad behavior on the part of the maintainer and it is not acting entitled to point that out.

1 reaction
stevensacks commented, Jul 26, 2022

It would take the same amount of time to update the version of a single dependency as it would to make an excuse why you aren’t going to.

This project hasn’t been updated in over 2 years. I don’t know what you’re worried about. It’s already been abandoned. Clearly the maintainer has already checked out.

Top Results From Across the Web

ansi-regex vulnerabilities - Snyk
version published direct vulnerabilities 3.0.1 27 Mar, 2022 0. C. 0. H. 0. M. 0. L 4.1.1 11 Mar, 2022 0. C. 0. H. 0....

node:14 CVE-2021-44906 · Issue #42451 · nodejs ... - GitHub
They both have the ansi-regex thing (probably from the npm ... There's even a "Report a security vulnerability" choice when you go to...

Fixing security vulnerabilities in npm dependencies in less ...
In my case mocha(7.1.0) -> mkdirp(0.5.1) -> minimist(0.0.8) — the vulnerable version. Resolutions key. 3) And finally the fix was: 3.1) First npm...

vulnerabilities in npm dependencies - libup
There are 158 npm security advisories affecting our repositories. #1067342: minimist. Severity: critical. Prototype Pollution in minimist advisory. Affected ...

Inefficient Regular Expression Complexity in chalk/ansi-regex
Nextcloud: @nextcloud/logger NPM package brings vulnerable ansi-regex version ... to be notified of important product support alerts like this.