Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2021-3807 #1920

Closed
0wx opened this issue Sep 23, 2021 · 4 comments
Closed

CVE-2021-3807 #1920

0wx opened this issue Sep 23, 2021 · 4 comments

Comments

@0wx
Copy link

0wx commented Sep 23, 2021
edited
Loading

  • Versions:
  • nodemon -v: 2.0.12

I keep getting depandabot alert about CVE-2021-3807 saying:

[email protected] requires ansi-regex@^4.1.0 via a transitive dependency on [email protected]

While the fixed version is 5.0.1
@remy
Copy link
Owner

remy commented Sep 23, 2021

Bumped in latest.

@remy remy closed this as completed Sep 23, 2021
@0wx
Copy link
Author

0wx commented Sep 23, 2021
edited
Loading

@remy thanks for the update.
But I'm still getting alert and can't perform security update.
image
Did I do something wrong here?

Ps. I'm using yarn

@sethlivingston
Copy link

Getting the same alert on 2.0.13.

@remy
Copy link
Owner

remy commented Sep 29, 2021

Dupe of this -> #1919

You need to chase here if you want to see the vuln warning go away: nexdrew/ansi-align#61

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@remy @sethlivingston @0wx