Per [CVE-2021-3807](https://nvd.nist.gov/vuln/detail/CVE-2021-3807), version of `ansi-regex` except 5.0.1 and 6.0.1 are vulnerable to a ReDoS attack. Per [this comment](https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9#commitcomment-57133781), v2.1.1 is not affected as it uses a different regex (used by `pa11y-ci@2.4.2). `ansi-regex` v4.1.0 is used by `jest-junit`, but only [here](https://github.com/jest-community/jest-junit/blob/46ab4a482522eac7b367ab5e37d084b32da9a6ca/utils/buildJsonResults.js#L194) to strip from failure messages as passed from `jest`, so not a meaningful vulnerability.