New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: pin [email protected] to fix security vuln #184

Merged

ColemanGariety merged 1 commit into ColemanGariety:master from mannyluvstacos:patch-1

Jan 13, 2022

Contributor

mannyluvstacos commented Jan 10, 2022

A Security Vuln was identified in the Colors package for >1.4.0, offending packages being 1.4.1, 1.4.44-liberty

This PR pins the color package to 1.4.0 as advised on the snyk page


          fix: pin [email protected] to fix security vuln

a632180

A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty`
- [source1](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source2](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source3](https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906)

This PR pins the color package to `1.4.0` as advised on the [snyk page](https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/)

Contributor Author

mannyluvstacos commented Jan 13, 2022

Hi @JacksonGariety , when you have a moment to review, this pins colors to a safe version

ColemanGariety merged commit e424c75 into ColemanGariety:master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet