Open source changelog

Follow the evolution of Gatsby.

Subscribe to updates
 

This updates strip-ansi to version ^6.0.1 to fix this vulnerability issue: https://www.npmjs.com/advisories/1004946.

I don't know how to test this, but would gladly help, if I can get a bit of guidance.

  • According to https://github.com/chalk/strip-ansi/releases/tag/v6.0.0, upgrading to version 6 requires changing import stripAnsi from 'strip-ansi'; to import stripAnsi = require('strip-ansi');. I did not make this change because VSCode only accepted the current syntax, and my experience is that VSCode is usually right about these things. 🙂
  • I have updates to ^6.0.1 across all packages including the ones that already were on ^6.0.0 to align the version and to make it clear that v6.0.0 should be avoided.
  • I have not upgrade to version 7 because that changes strip-ansi to the ESM syntax, and I am unsure if this would work.
  • Running yarn install did not update yarn.lock, so there are probably still some packages using the strip-ansi in the older (and vulnerable) versions.
  • The starters haven't been touched. Unsure if this is acceptable.
  • This is a follow up to the discussion here: https://github.com/gatsbyjs/gatsby/discussions/28852