Have you read the Contributing Guidelines on issues?
WebdriverIO Version
latest
Node.js Version
latest
Mode
WDIO Testrunner
Which capabilities are you using?
No response
What happened?
strip-ansi (used by wdio/logger) uses ansi-regex@6.0.0 up to 7.0.0 (https://github.com/chalk/strip-ansi/blame/v7.0.1/package.json#L50)
ansi-regex has a potential ReDoS vulnerability: chalk/ansi-regex#37
Could you please update the dependency? (wdio-logger: strip-ansi@6.0.0 -> strip-ansi@7.0.1)
P.S.: Not exactly a bug, more like a security vulnerability, but I didn't want to disturb you via email because of a trifle.
What is your expected behavior?
No response
How to reproduce the bug.
npm audit
Relevant log output
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ High │ Inefficient Regular Expression Complexity in │
│ │ chalk/ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package │ ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ @wdio/utils │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path │ @wdio/utils > @wdio/logger > strip-ansi > ansi-regex │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-93q8-gq69-wqmw │
└───────────────┴──────────────────────────────────────────────────────────────┘
Code of Conduct
Is there an existing issue for this?