Closed
Description
Have you read the Contributing Guidelines on issues?
- I have read the Contributing Guidelines on issues.
WebdriverIO Version
latest
Node.js Version
latest
Mode
WDIO Testrunner
Which capabilities are you using?
No response
What happened?
strip-ansi (used by wdio/logger) uses [email protected] up to 7.0.0 (https://github.com/chalk/strip-ansi/blame/v7.0.1/package.json#L50)
ansi-regex has a potential ReDoS vulnerability: chalk/ansi-regex#37
Could you please update the dependency? (wdio-logger: [email protected] -> [email protected])
P.S.: Not exactly a bug, more like a security vulnerability, but I didn't want to disturb you via email because of a trifle.
What is your expected behavior?
No response
How to reproduce the bug.
npm audit
Relevant log output
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @wdio/utils │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @wdio/utils > @wdio/logger > strip-ansi > ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-93q8-gq69-wqmw │
└───────────────┴──────────────────────────────────────────────────────────────┘
Code of Conduct
- I agree to follow this project's Code of Conduct
Is there an existing issue for this?
- I have searched the existing issues