ANSI-HTML is vulnerable and unmaintained
Describe the bug
When running yarn audit, it shows a vulnerability in ansi-html.
Adding a resolution does not help, as no patch is available; looking at the affected package, ansi-html is no longer maintained by anyone.
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ high          │ Uncontrolled Resource Consumption in ansi-html               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ ansi-html                                                    │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ No patch available                                           │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ react-scripts                                                │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ react-scripts > webpack-dev-server > ansi-html               │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/4035                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
Did you try recovering your dependencies?
yes
Which terms did you search for in User Guide?
N/A
Environment
mac-mini M1 running in zsh
Steps to reproduce
Run yarn audit on a project using the latest react-scripts.
Expected behavior
Should either pass audit (many dependencies out of date) or use packages that allow a manual resolution of the issue.
Actual behavior
Declares no patch available for the issue, suggest switching to ansi-html-community
Issue Analytics
- State:
- Created 2 years ago
- Reactions: 13
- Comments: 10
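An added example, not part of the original issue or of Yarn's own code: a small Node.js triage function that reads `yarn audit --json` output and lists the advisories that have no patched version, together with the direct dependency that pulls each one in, which is the situation reported above. The record layout, the `>`-separated path and the `<0.0.0` marker behind "No patch available" are assumptions based on Yarn v1's JSON output; the sample lines are constructed.

```javascript
// Constructed sample of `yarn audit --json` output (Yarn v1: one JSON object per line).
// Field names are assumed from Yarn v1's auditAdvisory records; the second advisory is invented.
const SAMPLE = [
  JSON.stringify({ type: "auditAdvisory", data: {
    resolution: { path: "react-scripts>webpack-dev-server>ansi-html" },
    advisory: { module_name: "ansi-html", severity: "high", patched_versions: "<0.0.0",
                title: "Uncontrolled Resource Consumption in ansi-html",
                url: "https://www.npmjs.com/advisories/4035" } } }),
  JSON.stringify({ type: "auditAdvisory", data: {
    resolution: { path: "example-app>example-lib" },
    advisory: { module_name: "example-lib", severity: "moderate", patched_versions: ">=1.2.3",
                title: "Constructed advisory with a fix", url: "https://example.invalid/advisory" } } }),
  JSON.stringify({ type: "auditSummary", data: { vulnerabilities: { high: 1, moderate: 1 } } }),
  "not json: warnings can be interleaved with the records",
].join("\n");

// Assumption: Yarn v1 shows "No patch available" when patched_versions is "<0.0.0".
function hasNoPatch(advisory) {
  return (advisory.patched_versions || "").replace(/\s/g, "") === "<0.0.0";
}

// Returns one entry per unpatched module, with every dependency path that pulls it in
// and the direct dependencies (first path element) that would have to upgrade or be overridden.
function unpatchedAdvisories(ndjson) {
  const byModule = new Map();
  for (const line of ndjson.split("\n")) {
    let rec;
    try { rec = JSON.parse(line); } catch { continue; } // skip non-JSON noise
    if (!rec || rec.type !== "auditAdvisory" || !rec.data) continue;
    const { advisory, resolution } = rec.data;
    if (!advisory || !resolution || !hasNoPatch(advisory)) continue;
    const entry = byModule.get(advisory.module_name) || {
      module: advisory.module_name, severity: advisory.severity, url: advisory.url,
      paths: [], directDependencies: [],
    };
    if (!entry.paths.includes(resolution.path)) entry.paths.push(resolution.path);
    const direct = resolution.path.split(">")[0];
    if (!entry.directDependencies.includes(direct)) entry.directDependencies.push(direct);
    byModule.set(advisory.module_name, entry);
  }
  return [...byModule.values()];
}

console.log(JSON.stringify(unpatchedAdvisories(SAMPLE), null, 2));
```

Entries in the result are the ones a plain version resolution cannot clear, so they need a replacement package or an upgrade of the listed direct dependency.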
Top GitHub Comments
Having the same issue. This seems to be related to "Create a c3.11.3 to resolve vulnerability in dependency ansi-html", which was closed, as the webpack-dev-server team is no longer maintaining v^3, as v^4 is out. Seems the issue is that react-scripts is still depending on an outdated version of webpack (4.44.2) and webpack-dev-server (3.11.1). I think fixing this would involve a fairly big upgrade to react-scripts and CRA?
We are able to resolve it by following https://github.com/Tjatse/ansi-html/issues/19.