Commit

fix: replace ansi-html with ansi-html-community to fix vulnerability
This is a fix for the vulnerability reported in [CVE-2021-23424][CVE] by
replacing the ansi-html dependency with a fork of the project that has
the [suggested fix][ansi-html-fix] and resolves [#412][412]

[CVE]: https://nvd.nist.gov/vuln/detail/CVE-2021-23424
[ansi-html-fix]: Tjatse/ansi-html#19
[412]: #412
nttibbetts committed Sep 9, 2021
1 parent f0ffa4c commit adeeade
Showing 4 changed files with 7 additions and 7 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -91,7 +91,7 @@ Configuration options can be passed to the client by adding querystring paramete
* **quiet** - Set to `true` to disable all console logging.
* **dynamicPublicPath** - Set to `true` to use webpack `publicPath` as prefix of `path`. (We can set `__webpack_public_path__` dynamically at runtime in the entry point, see note of [output.publicPath](https://webpack.js.org/configuration/output/#output-publicpath))
* **autoConnect** - Set to `false` to use to prevent a connection being automatically opened from the client to the webpack back-end - ideal if you need to modify the options using the `setOptionsAndConnect` function
* **ansiColors** - An object to customize the client overlay colors as mentioned in the [ansi-html](https://github.com/Tjatse/ansi-html/blob/99ec49e431c70af6275b3c4e00c7be34be51753c/README.md#set-colors) package.
* **ansiColors** - An object to customize the client overlay colors as mentioned in the [ansi-html-community](https://github.com/mahdyar/ansi-html-community#set-colors) package.
* **overlayStyles** - An object to let you override or add new inline styles to the client overlay div.
* **overlayWarnings** - Set to `true` to enable client overlay on warnings in addition to errors.
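
Review bot: the replacement `ansiColors` link in this README hunk points at the default branch of mahdyar/ansi-html-community (`#set-colors`), while the line it replaces was a permalink pinned to a specific commit of Tjatse/ansi-html. A default-branch link will drift as the fork's README changes. Suggest linking to the tag or commit that corresponds to the `0.0.8` release pinned in package.json, so the documented `setColors` behaviour matches the code that actually ships.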

2 changes: 1 addition & 1 deletion client-overlay.js
Expand Up @@ -21,7 +21,7 @@ var styles = {
textAlign: 'left',
};

var ansiHTML = require('ansi-html');
var ansiHTML = require('ansi-html-community');
var colors = {
reset: ['transparent', 'transparent'],
black: '181818',
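
Review bot: the `require('ansi-html-community')` swap in client-overlay.js comes without a test; the four changed files are README.md, client-overlay.js, package-lock.json and package.json. The rest of the module keeps using `ansiHTML` and the `colors` map unchanged, so the change relies on the fork being API-compatible with the package it replaces. Suggest adding an overlay test that renders a message containing ANSI colour codes, so that any behavioural difference in the fork shows up in CI rather than in the browser.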
8 changes: 4 additions & 4 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -26,7 +26,7 @@
"author": "Glen Mailer <[email protected]>",
"license": "MIT",
"dependencies": {
"ansi-html": "0.0.7",
"ansi-html-community": "0.0.8",
"html-entities": "^2.1.0",
"querystring": "^0.2.0",
"strip-ansi": "^6.0.0"
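
Review bot: `"ansi-html-community": "0.0.8"` is an exact pin, unlike the caret ranges on the neighbouring `html-entities`, `querystring` and `strip-ansi` entries, so later fixes published by the fork will not reach consumers until this line is bumped by hand. If the pin is deliberate (it mirrors the old `"ansi-html": "0.0.7"`), say so in the commit message; otherwise consider `~0.0.8`. Because the package-lock.json diff is not rendered on this page, the `resolved` and `integrity` entries for the new package should be checked separately before merging.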