Bump ansi-regex and ansi-regex#775
Closed
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) and [ansi-regex](https://github.com/chalk/ansi-regex). These dependencies needed to be updated together. Updates `ansi-regex` from 3.0.0 to 5.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chalk/ansi-regex/releases">ansi-regex's releases</a>.</em></p> <blockquote> <h2>v5.0.1</h2> <h3>Fixes (backport of <code>6.0.1</code> to v5)</h3> <p>This is a backport of the <strong>minor</strong> ReDos vulnerability in <code>ansi-regex@<6.0.1</code>, as requested in <a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/38">#38</a>.</p> <ul> <li>Fix <a href="https://en.wikipedia.org/wiki/ReDoS">ReDoS</a> in certain cases (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.</li> </ul> <p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807">CVE-2021-3807</a></p> <p><a href="https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1">https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1</a></p> <p>Thank you <a href="https://github.com/yetingli"><code>@yetingli</code></a> for the patch and reproduction case!</p> <h2>v5.0.0</h2> <h3>Breaking</h3> <ul> <li>Require Node.js 8 166a0d5</li> </ul> <h3>Enhancements</h3> <ul> <li>Add TypeScript definition (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/32">#32</a>) e77ea17</li> </ul> <p><a href="https://github.com/chalk/ansi-regex/compare/v4.1.0...v5.0.0">https://github.com/chalk/ansi-regex/compare/v4.1.0...v5.0.0</a></p> <h2>v4.1.0</h2> <ul> <li>Support more escape code like links (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/29">#29</a>) 96200bb</li> </ul> <p><a href="https://github.com/chalk/ansi-regex/compare/v4.0.0...v4.1.0">https://github.com/chalk/ansi-regex/compare/v4.0.0...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chalk/ansi-regex/commit/a9babce885cf19c363cf1d1c645f834592c3f7a4"><code>a9babce</code></a> 5.0.1</li> <li><a href="https://github.com/chalk/ansi-regex/commit/4657833b3419f381c8ef4eb5787e71c5206b1b35"><code>4657833</code></a> fix incorrect format</li> <li><a href="https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8"><code>c3c0b3f</code></a> Fix potential ReDoS (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/178363b3a297b712a0054e702d8ddde3879913e5"><code>178363b</code></a> Move to GitHub Actions (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/35">#35</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/0755e661553387cfebcb62378181e9f55b2567ff"><code>0755e66</code></a> Add <a href="https://github.com/Qix"><code>@Qix</code></a>- to funding.yml</li> <li><a href="https://github.com/chalk/ansi-regex/commit/2b56fb0c7a07108e5b54241e8faec160d393aedb"><code>2b56fb0</code></a> 5.0.0</li> <li><a href="https://github.com/chalk/ansi-regex/commit/f26f7fe2287b44d3092c75a8dc3f7722282773d0"><code>f26f7fe</code></a> Meta tweaks</li> <li><a href="https://github.com/chalk/ansi-regex/commit/e77ea173f2e2b3f8bee370bf4cc4d29820783daf"><code>e77ea17</code></a> Add TypeScript definition (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/32">#32</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/166a0d5eddedacf0db7ccd7ee137b862ab1dae70"><code>166a0d5</code></a> Require Node.js 8</li> <li><a href="https://github.com/chalk/ansi-regex/commit/f115fca8a0d1bd7be0af5efa6b6ade54e7145207"><code>f115fca</code></a> Tidelift tasks</li> <li>Additional commits viewable in <a href="https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1">compare view</a></li> </ul> </details> <br /> Updates `ansi-regex` from 4.1.0 to 5.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chalk/ansi-regex/releases">ansi-regex's releases</a>.</em></p> <blockquote> <h2>v5.0.1</h2> <h3>Fixes (backport of <code>6.0.1</code> to v5)</h3> <p>This is a backport of the <strong>minor</strong> ReDos vulnerability in <code>ansi-regex@<6.0.1</code>, as requested in <a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/38">#38</a>.</p> <ul> <li>Fix <a href="https://en.wikipedia.org/wiki/ReDoS">ReDoS</a> in certain cases (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>) You are only really affected if you run the regex on untrusted user input in a server context, which it's very unlikely anyone is doing, since this regex is mainly used in command-line tools.</li> </ul> <p><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807">CVE-2021-3807</a></p> <p><a href="https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1">https://github.com/chalk/ansi-regex/compare/v5.0.0..v5.0.1</a></p> <p>Thank you <a href="https://github.com/yetingli"><code>@yetingli</code></a> for the patch and reproduction case!</p> <h2>v5.0.0</h2> <h3>Breaking</h3> <ul> <li>Require Node.js 8 166a0d5</li> </ul> <h3>Enhancements</h3> <ul> <li>Add TypeScript definition (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/32">#32</a>) e77ea17</li> </ul> <p><a href="https://github.com/chalk/ansi-regex/compare/v4.1.0...v5.0.0">https://github.com/chalk/ansi-regex/compare/v4.1.0...v5.0.0</a></p> <h2>v4.1.0</h2> <ul> <li>Support more escape code like links (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/29">#29</a>) 96200bb</li> </ul> <p><a href="https://github.com/chalk/ansi-regex/compare/v4.0.0...v4.1.0">https://github.com/chalk/ansi-regex/compare/v4.0.0...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chalk/ansi-regex/commit/a9babce885cf19c363cf1d1c645f834592c3f7a4"><code>a9babce</code></a> 5.0.1</li> <li><a href="https://github.com/chalk/ansi-regex/commit/4657833b3419f381c8ef4eb5787e71c5206b1b35"><code>4657833</code></a> fix incorrect format</li> <li><a href="https://github.com/chalk/ansi-regex/commit/c3c0b3f2736b9c01feec0fef33980c43720dcde8"><code>c3c0b3f</code></a> Fix potential ReDoS (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/37">#37</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/178363b3a297b712a0054e702d8ddde3879913e5"><code>178363b</code></a> Move to GitHub Actions (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/35">#35</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/0755e661553387cfebcb62378181e9f55b2567ff"><code>0755e66</code></a> Add <a href="https://github.com/Qix"><code>@Qix</code></a>- to funding.yml</li> <li><a href="https://github.com/chalk/ansi-regex/commit/2b56fb0c7a07108e5b54241e8faec160d393aedb"><code>2b56fb0</code></a> 5.0.0</li> <li><a href="https://github.com/chalk/ansi-regex/commit/f26f7fe2287b44d3092c75a8dc3f7722282773d0"><code>f26f7fe</code></a> Meta tweaks</li> <li><a href="https://github.com/chalk/ansi-regex/commit/e77ea173f2e2b3f8bee370bf4cc4d29820783daf"><code>e77ea17</code></a> Add TypeScript definition (<a href="https://github-redirect.dependabot.com/chalk/ansi-regex/issues/32">#32</a>)</li> <li><a href="https://github.com/chalk/ansi-regex/commit/166a0d5eddedacf0db7ccd7ee137b862ab1dae70"><code>166a0d5</code></a> Require Node.js 8</li> <li><a href="https://github.com/chalk/ansi-regex/commit/f115fca8a0d1bd7be0af5efa6b6ade54e7145207"><code>f115fca</code></a> Tidelift tasks</li> <li>Additional commits viewable in <a href="https://github.com/chalk/ansi-regex/compare/v3.0.0...v5.0.1">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/noam-honig/food-basket-delivery/network/alerts). </details>
AI Analysis
This issue appears to be discussing a feature request or bug report related to the repository. Based on the content, it seems to be resolved. The issue was opened by dependabot[bot] and has received 1 comments.
Add a comment
Comment form would go here