GHSA-93q8-gq69-wqmw VS berry

{ "actions": [], "advisories": { "1004946": { "findings": [ { "version": "4.1.0", "paths": [ "ts-patch>strip-ansi>ansi-regex", "lerna>npmlog>gauge>ansi-regex", "lerna>@lerna/bootstrap>npmlog>gauge>ansi-regex", ... ] } ], "metadata": null, "vulnerable_versions": ">2.1.1 <5.0.1", "module_name": "ansi-regex", "severity": "moderate", "github_advisory_id": "GHSA-93q8-gq69-wqmw", "cves": [ "CVE-2021-3807" ], "access": "public", "patched_versions": ">=5.0.1", "updated": "2021-09-23T15:45:50.000Z", "recommendation": "Upgrade to version 5.0.1 or later", "cwe": "CWE-918", "found_by": null, "deleted": null, "id": 1004946, "references": "- https://nvd.nist.gov/vuln/detail/CVE-2021-3807\n- https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9\n- https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-924086311\n- https://app.snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908\n- https://github.com/chalk/ansi-regex/issues/38#issuecomment-925924774\n- https://github.com/advisories/GHSA-93q8-gq69-wqmw", "created": "2021-11-18T16:00:48.472Z", "reported_by": null, "title": " Inefficient Regular Expression Complexity in chalk/ansi-regex", "npm_advisory_id": null, "overview": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity", "url": "https://github.com/advisories/GHSA-93q8-gq69-wqmw" },

# npm audit report ansi-html * Severity: high Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9 fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/ansi-html @pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6 Depends on vulnerable versions of ansi-html Depends on vulnerable versions of webpack-dev-server node_modules/@pmmmwh/react-refresh-webpack-plugin gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby ansi-regex >2.1.1 <5.0.1 Severity: moderate Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/react-dev-utils/node_modules/inquirer/node_modules/ansi-regex node_modules/string-width/node_modules/ansi-regex node_modules/strip-ansi/node_modules/ansi-regex node_modules/webpack-dev-server/node_modules/cliui/node_modules/ansi-regex node_modules/webpack-dev-server/node_modules/string-width/node_modules/ansi-regex node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/ansi-regex strip-ansi 4.0.0 - 5.2.0 Depends on vulnerable versions of ansi-regex node_modules/react-dev-utils/node_modules/inquirer/node_modules/strip-ansi node_modules/string-width/node_modules/strip-ansi node_modules/strip-ansi node_modules/webpack-dev-server/node_modules/cliui/node_modules/strip-ansi node_modules/webpack-dev-server/node_modules/string-width/node_modules/strip-ansi node_modules/webpack-dev-server/node_modules/wrap-ansi/node_modules/strip-ansi cliui 4.0.0 - 5.0.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of wrap-ansi node_modules/webpack-dev-server/node_modules/cliui yargs 10.1.0 - 15.0.0 Depends on vulnerable versions of cliui Depends on vulnerable versions of string-width node_modules/webpack-dev-server/node_modules/yargs webpack-dev-server 2.0.0-beta - 3.11.3 Depends on vulnerable versions of chokidar Depends on vulnerable versions of yargs node_modules/webpack-dev-server @pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6 Depends on vulnerable versions of ansi-html Depends on vulnerable versions of webpack-dev-server node_modules/@pmmmwh/react-refresh-webpack-plugin gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby eslint 4.5.0 - 7.15.0 Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of table node_modules/eslint @typescript-eslint/eslint-plugin <=3.0.0-alpha.27 Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of eslint node_modules/@typescript-eslint/eslint-plugin eslint-config-react-app 3.0.0-next.03604a46 - 5.2.1 Depends on vulnerable versions of @typescript-eslint/eslint-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of eslint node_modules/eslint-config-react-app @typescript-eslint/parser 1.1.1-alpha.0 - 2.34.1-alpha.2 Depends on vulnerable versions of eslint node_modules/@typescript-eslint/parser gatsby-cli 2.5.9-ink.60 - 2.5.9-ink.61 || >=2.6.0-0 Depends on vulnerable versions of gatsby-recipes Depends on vulnerable versions of strip-ansi node_modules/gatsby-cli inquirer 3.2.0 - 7.0.4 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/react-dev-utils/node_modules/inquirer react-dev-utils 0.4.0 - 11.0.3 Depends on vulnerable versions of inquirer node_modules/react-dev-utils string-width 2.1.0 - 4.1.0 Depends on vulnerable versions of strip-ansi node_modules/string-width node_modules/table/node_modules/string-width node_modules/webpack-dev-server/node_modules/string-width table 4.0.2 - 5.4.6 Depends on vulnerable versions of string-width node_modules/table wrap-ansi 3.0.0 - 6.1.0 Depends on vulnerable versions of string-width Depends on vulnerable versions of strip-ansi node_modules/webpack-dev-server/node_modules/wrap-ansi yurnalist >=1.0.5 Depends on vulnerable versions of strip-ansi node_modules/yurnalist glob-parent <5.1.2 Severity: high Regular expression denial of service - https://github.com/advisories/GHSA-ww39-953v-wcq6 fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/watchpack-chokidar2/node_modules/glob-parent node_modules/webpack-dev-server/node_modules/glob-parent chokidar 1.0.0-rc1 - 2.1.8 Depends on vulnerable versions of glob-parent node_modules/watchpack-chokidar2/node_modules/chokidar node_modules/webpack-dev-server/node_modules/chokidar watchpack-chokidar2 * Depends on vulnerable versions of chokidar node_modules/watchpack-chokidar2 watchpack 1.7.2 - 1.7.5 Depends on vulnerable versions of watchpack-chokidar2 node_modules/watchpack webpack 4.44.0 - 4.46.0 Depends on vulnerable versions of watchpack node_modules/webpack gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby webpack-dev-server 2.0.0-beta - 3.11.3 Depends on vulnerable versions of chokidar Depends on vulnerable versions of yargs node_modules/webpack-dev-server @pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6 Depends on vulnerable versions of ansi-html Depends on vulnerable versions of webpack-dev-server node_modules/@pmmmwh/react-refresh-webpack-plugin nth-check <2.0.1 Severity: moderate Inefficient Regular Expression Complexity in nth-check - https://github.com/advisories/GHSA-rp65-9cf3-cjxr fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/svgo/node_modules/nth-check css-select <=3.1.0 Depends on vulnerable versions of nth-check node_modules/svgo/node_modules/css-select svgo 1.0.0 - 1.3.2 Depends on vulnerable versions of css-select node_modules/svgo postcss-svgo 4.0.0-nightly.2020.1.9 - 5.0.0-rc.2 Depends on vulnerable versions of svgo node_modules/postcss-svgo cssnano-preset-default <=4.0.8 Depends on vulnerable versions of postcss-svgo node_modules/cssnano-preset-default cssnano 4.0.0-nightly.2020.1.9 - 4.1.11 Depends on vulnerable versions of cssnano-preset-default node_modules/cssnano optimize-css-assets-webpack-plugin 3.2.1 || 5.0.0 - 5.0.8 Depends on vulnerable versions of cssnano node_modules/optimize-css-assets-webpack-plugin gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby react-dev-utils 0.4.0 - 11.0.3 Severity: moderate Improper Neutralization of Special Elements used in an OS Command. - https://github.com/advisories/GHSA-5q6m-3h65-w53x Depends on vulnerable versions of inquirer fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/react-dev-utils gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby trim <0.0.3 Severity: high Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq fix available via `npm audit fix --force` Will install [email protected], which is a breaking change node_modules/trim remark-parse <=8.0.3 Depends on vulnerable versions of trim node_modules/remark-parse gatsby-recipes 0.0.7-unifiedroutes.76 - 0.0.7-unifiedroutes-v2.135 || >=0.1.31 Depends on vulnerable versions of remark-parse node_modules/gatsby-recipes gatsby-cli 2.5.9-ink.60 - 2.5.9-ink.61 || >=2.6.0-0 Depends on vulnerable versions of gatsby-recipes Depends on vulnerable versions of strip-ansi node_modules/gatsby-cli gatsby >=1.9.99 Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin Depends on vulnerable versions of @typescript-eslint/parser Depends on vulnerable versions of ansi-html Depends on vulnerable versions of eslint Depends on vulnerable versions of eslint-config-react-app Depends on vulnerable versions of gatsby-cli Depends on vulnerable versions of optimize-css-assets-webpack-plugin Depends on vulnerable versions of react-dev-utils Depends on vulnerable versions of strip-ansi Depends on vulnerable versions of webpack Depends on vulnerable versions of webpack-dev-server node_modules/gatsby ws 7.0.0 - 7.4.5 Severity: moderate ReDoS in Sec-Websocket-Protocol header - https://github.com/advisories/GHSA-6fc8-4gx4-v693 fix available via `npm audit fix` node_modules/@graphql-tools/url-loader/node_modules/ws @graphql-tools/url-loader 6.4.1-alpha-0ea0f8b7.0 - 6.10.1 Depends on vulnerable versions of ws node_modules/@graphql-tools/url-loader 36 vulnerabilities (23 moderate, 13 high) To address issues that do not require attention, run: npm audit fix To address all issues (including breaking changes), run: npm audit fix --force

More info https://github.com/advisories/GHSA-93q8-gq69-wqmw

Inefficient Regular Expression Complexity in chalk/ansi-regex - https://github.com/advisories/GHSA-93q8-gq69-wqmw

# .gitignore .yarn/* !.yarn/patches !.yarn/plugins !.yarn/releases !.yarn/sdks !.yarn/versions # Swap the comments on the following lines if you don't wish to use zero-installs # Documentation here: https://yarnpkg.com/features/zero-installs # !.yarn/cache .pnp.* node_modules

If you need help with setting up the project, I recommend that you follow this guide from Yarn documentation.

Yarn

Install Yarn or NPM to add the required packages and modules.

Latest version of Node and Yarn

Have Node and Yarn installed with a recent version.

Node.js manages dependencies using package managers like npm (Node Package Manager), yarn, and pnpm. npm comes pre-installed with Node.js and allows you to install and uninstall Node.js packages. It uses a package.json file to keep track of which packages your project depends on. Yarn and Pnpm are alternative package managers that aim to improve on npm in various ways, such as improved performance and better lock file format.

Depending on the stack of the repository you are cloning, you might have to install additional dependencies. For this demo, I'm using my own website, which is a static website built with Astro.js. It which requires to have Node.js installed and Yarn for package manager.

A package manager such as npm, Yarn, or pnpm. A package manager is a tool that helps you manage the dependencies of your project. You can use any of these package managers to install Jest and other packages.

To start off, you'll need Node.js installed on your local system. This ChatGPT API guide will use Yarn to install dependencies in the project, but you're free to use npm or any other package management tool if you wish. Finally, you'll need an OpenAI account for ChatGPT API access.