There is also a vulnerability reported for validate-color when installing the latest version of decap-cms:
✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-VALIDATECOLOR-2935878] in validate-color@2.2.4
introduced by decap-cms-app@3.0.12 > decap-cms-widget-colorstring@3.0.2 > validate-color@2.2.4
No upgrade or patch available
This is the only place where it's used, so it should be easy to replace: https://github.com/decaporg/decap-cms/blob/master/packages/decap-cms-widget-colorstring/src/ColorControl.js#L134
Originally posted by @kl-ma in https://github.com/decaporg/decap-cms/issues/6513#issuecomment-1841410048