From 8fc20d21cd7861ecc4f034ae82234a05227c2c12 Mon Sep 17 00:00:00 2001

From: rpm-build <rpm-build>

Date: Thu, 9 Dec 2021 15:48:46 +0100

Subject: [PATCH] deps(ansi-regex): fix potential ReDoS

This is the upstream fix [1] applied to all applicable bundled deps.

[1]: https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9

Fixes: CVE-2021-3807

Signed-off-by: rpm-build <rpm-build>

---

 .../node_modules/string-width/node_modules/ansi-regex/index.js  | 2 +-

 deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js    | 2 +-

 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js

index c4aaecf..7d32201 100644

--- a/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js

+++ b/deps/npm/node_modules/string-width/node_modules/ansi-regex/index.js

@@ -2,7 +2,7 @@

 module.exports = () => {

 	const pattern = [

-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\\u0007)',

+		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',

 		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))'

 	].join('|');

diff --git a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js

index c254480..9e37ec3 100644

--- a/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js

+++ b/deps/npm/node_modules/yargs/node_modules/ansi-regex/index.js

@@ -6,7 +6,7 @@ module.exports = options => {

 	}, options);

 	const pattern = [

-		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',

+		'[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)',

 		'(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))'

 	].join('|');

-- 

2.38.1