Security - Inefficient Regular Expression Complexity in chalk/ansi-regex

[wSedlacek]

nps/package.json

Line 33 in 57989a2

"yargs": "14.2.0"

ansi-regex  >2.1.1 <5.0.1
Severity: moderate
 Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw
fix available via `npm audit fix --force`
Will install nps@5.9.8, which is a breaking change
node_modules/cliui/node_modules/ansi-regex
node_modules/wrap-ansi/node_modules/ansi-regex
node_modules/yargs/node_modules/ansi-regex
  strip-ansi  4.0.0 - 5.2.0
  Depends on vulnerable versions of ansi-regex
  node_modules/cliui/node_modules/strip-ansi
  node_modules/wrap-ansi/node_modules/strip-ansi
  node_modules/yargs/node_modules/strip-ansi
    cliui  4.0.0 - 5.0.0
    Depends on vulnerable versions of strip-ansi
    Depends on vulnerable versions of wrap-ansi
    node_modules/cliui
      yargs  10.1.0 - 15.0.0
      Depends on vulnerable versions of cliui
      Depends on vulnerable versions of string-width
      node_modules/yargs
        nps  >=5.9.10
        Depends on vulnerable versions of yargs
        node_modules/nps
    string-width  2.1.0 - 4.1.0
    Depends on vulnerable versions of strip-ansi
    node_modules/cliui/node_modules/string-width
    node_modules/wrap-ansi/node_modules/string-width
    node_modules/yargs/node_modules/string-width
      wrap-ansi  3.0.0 - 6.1.0
      Depends on vulnerable versions of string-width
      Depends on vulnerable versions of strip-ansi
      node_modules/wrap-ansi

Are there any plans on updating yargs?

[mf-bruce]

This is fixed in our fork of nps, available here: https://www.npmjs.com/package/@markforged/nps

Fix: MarkForged/nps@fb352e1