Fix ansi-html vulnerability (#1049)

* fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-EJS-1049328 * Revert "fix: package.json & yarn.lock to reduce vulnerabilities" This reverts commit 90c2ece. * Update to ejs 3.1.6, which fixes the vulnerability * Force the resolution of ansi-html (unmaintained) to a community version that fixes the vulnerability. Co-authored-by: snyk-bot <snyk-bot@snyk.io> Co-authored-by: appleseed-iii <80423742+appleseed-iii@users.noreply.github.com>
OlympusDAO · Jan 4, 2022 · ac75bf4 · ac75bf4
1 parent db610ae
commit ac75bf4
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/package.json b/package.json
@@ -162,6 +162,7 @@
     "**/ansi-regex": "5.0.1",
     "**/prompts": "2.4.2",
     "**/shell-quote": "1.7.3",
-    "**/ejs": "3.1.6"
+    "**/ejs": "3.1.6",
+    "**/ansi-html": "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz"
   }
 }
diff --git a/yarn.lock b/yarn.lock
@@ -4683,10 +4683,9 @@ ansi-gray@^0.1.1:
   dependencies:
     ansi-wrap "0.1.0"
 
-ansi-html@0.0.7, ansi-html@^0.0.7:
-  version "0.0.7"
-  resolved "https://registry.yarnpkg.com/ansi-html/-/ansi-html-0.0.7.tgz#813584021962a9e9e6fd039f940d12f56ca7859e"
-  integrity sha1-gTWEAhliqenm/QOflA0S9WynhZ4=
+ansi-html@0.0.7, ansi-html@^0.0.7, "ansi-html@https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz":
+  version "0.0.8"
+  resolved "https://registry.yarnpkg.com/ansi-html-community/-/ansi-html-community-0.0.8.tgz#69fbc4d6ccbe383f9736934ae34c3f8290f1bf41"
 
 ansi-regex@5.0.1, ansi-regex@^2.0.0, ansi-regex@^3.0.0, ansi-regex@^4.1.0, ansi-regex@^5.0.0, ansi-regex@^5.0.1:
   version "5.0.1"