This updates strip-ansi
to version ^6.0.1 to fix this vulnerability issue: https://www.npmjs.com/advisories/1004946.
I don't know how to test this, but would gladly help, if I can get a bit of guidance.
- According to https://github.com/chalk/strip-ansi/releases/tag/v6.0.0, upgrading to version 6 requires changing
import stripAnsi from 'strip-ansi';
toimport stripAnsi = require('strip-ansi');
. I did not make this change because VSCode only accepted the current syntax, and my experience is that VSCode is usually right about these things. 🙂 - I have updates to ^6.0.1 across all packages including the ones that already were on ^6.0.0 to align the version and to make it clear that v6.0.0 should be avoided.
- I have not upgrade to version 7 because that changes
strip-ansi
to the ESM syntax, and I am unsure if this would work. - Running
yarn install
did not updateyarn.lock
, so there are probably still some packages using thestrip-ansi
in the older (and vulnerable) versions. - The starters haven't been touched. Unsure if this is acceptable.
- This is a follow up to the discussion here: https://github.com/gatsbyjs/gatsby/discussions/28852