fix: replace ansi-html with ansi-html-community

fabienmoyon · fabienmoyon · commit 6a5dce188ec9 · 2021-09-08T16:54:16.000+02:00
This fixes the ReDoS vulnerability CVE-2021-23424
diff --git a/client-src/default/overlay.js b/client-src/default/overlay.js
@@ -3,7 +3,7 @@
 // The error overlay is inspired (and mostly copied) from Create React App (https://github.com/facebookincubator/create-react-app)
 // They, in turn, got inspired by webpack-hot-middleware (https://github.com/glenjamin/webpack-hot-middleware).
 
-const ansiHTML = require('ansi-html');
+const ansiHTML = require('ansi-html-community');
 const { AllHtmlEntities } = require('html-entities');
 
 const entities = new AllHtmlEntities();
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -36,7 +36,7 @@
     "release": "standard-version"
   },
   "dependencies": {
-    "ansi-html": "0.0.7",
+    "ansi-html-community": "^0.0.8",
     "bonjour": "^3.5.0",
     "chokidar": "^2.1.8",
     "compression": "^1.7.4",
