chore(deps): bump ansi-regex from 5.0.0 to 5.0.1#3
Closed
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.0 to 5.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chalk/ansi-regex/releases">ansi-regex's releases</a>.</em></p> <blockquote> <h2>v5.0.1</h2> <h3>Fixes (backport of <code>6.0.1</code> to v5)</h3> <p>This is a backport of the <strong>minor</strong> ReDos vulnerability in <code>ansi-regex@<6.0.1</code>, as requested in <a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/38">#38</a>.</p> <ul> <li>Fix <a href="https://en.wikipedia.org/wiki/ReDoS">ReDoS</a> in certain cases (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.</li> </ul> <p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807">CVE-2021-3807</a></p> <p><a href="https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1">https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1</a></p> <p>Thank you <a href="https://github.com/yetingli"><code>@yetingli</code></a> for the patch and reproduction case!</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chalk/ansi-regex/commit/a9babce885cf19c363cf1d1c645f834592c3f7a4"><code>a9babce</code></a> 5.0.1</li> <li><a href="https://github.com/chalk/ansi-regex/commit/4657833b3419f381c8ef4eb5787e71c5206b1b35"><code>4657833</code></a> fix incorrect format</li> <li><a href="https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8"><code>c3c0b3f</code></a> Fix potential ReDoS (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/178363b3a297b712a0054e702d8ddde3879913e5"><code>178363b</code></a> Move to GitHub Actions (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/35">#35</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/0755e661553387cfebcb62378181e9f55b2567ff"><code>0755e66</code></a> Add <a href="https://github.com/Qix"><code>@Qix</code></a>- to funding.yml</li> <li>See full diff in <a href="https://github.com/chalk/ansi-regex/compare/v5.0.0...v5.0.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/jsejcksn/deno-userscript-bundler/network/alerts). </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot[bot] and has received 1 comments.
Add a comment
Comment form would go here