Closed mannyluvstacos closed 2 years ago
Hello Manny, This project has not had a commit in 5 years?
NPM has already removed the offending version ( https://www.npmjs.com/package/colors ) There is no need for this change 👍 This project is not compromised
Hello Ethan!
While the offending version has been removed, other projects have shifted to using the package @dabh/colors
as there is still the possibility of an update as was seen in 1.4.1, or am I mistaken?
A Security Vuln was identified in the Colors package for >1.4.0, offending packages being
1.4.1
,1.4.44-liberty
This PR updates the color package to using @dabh/colors as stated on this colors issue #317 which is a safe alternative.