Fix CVE-2021-3807: Upgrade transitive dependency ansi-regex from 4.1.1 to 5.0.1

balajacatherin · facebook-github-bot · commit bff4a8a51549 · 2026-04-07T20:48:01.000-07:00
Summary: Fix CVE-2021-3807: Upgrade transitive dependency ansi-regex from 4.1.1 to 5.0.1 ## Summary Upgrading the transitive dependency `ansi-regex` from 4.1.1 to 5.0.1 to fix CVE-2021-3807 (ReDoS vulnerability). **Dependency chain:** react-native/tester -> react-native-community/cli-platform-android -> logkitty -> ansi-fragments -> strip-ansi -> ansi-regex@4.1.1 The fix was applied via a temporary yarn resolution, then removed. The version stuck at 5.0.1 without the resolution. Only yarn.lock is changed. Changelog: [General][Security] -Upgrade transitive dependency ansi-regex from 4.1.1 to 5.0.1 Differential Revision: D99867505
diff --git a/yarn.lock b/yarn.lock
@@ -2681,9 +2681,9 @@ ansi-regex@^5.0.0, ansi-regex@^5.0.1:
   integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==
 
 ansi-regex@^6.0.1:
-  version "6.0.1"
-  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-6.0.1.tgz#3183e38fae9a65d7cb5e53945cd5897d0260a06a"
-  integrity sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==
+  version "6.2.2"
+  resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-6.2.2.tgz#60216eea464d864597ce2832000738a0589650c1"
+  integrity sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==
 
 ansi-styles@^3.2.0:
   version "3.2.1"
