embarklabs / embark

Framework for serverless Decentralized Applications using Ethereum, IPFS and other platforms
https://framework.embarklabs.io/
MIT License
3.79k stars 494 forks

fix: update to @dabh/colors for security vuln #2519

Closed mannyluvstacos closed 2 years ago

mannyluvstacos commented 2 years ago

What did you refactor, implement, or fix?

A security vuln was identified in the colors package for >1.4.0, the offending packages being 1.4.1 and 1.4.44-liberty.

This PR updates the color package to use @dabh/colors, as stated on this colors issue #317, which is a safe alternative.

Cool Spaceship Picture

🚀 😄

ethnh commented 2 years ago

Hello Manny, this project has not had a commit in 15 months?

Colors.js has already removed the offending version (https://www.npmjs.com/package/colors). There is no need for this change 👍

mannyluvstacos commented 2 years ago

Hey there, Ethan!

While the offending version has been removed, other projects have shifted to using the package @dabh/colors as there is still the possibility of an update as was seen in 1.4.1, or am I mistaken?
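An added example, not part of the PR thread or the embark code base: a Node.js check that walks an npm lockfile (v1 nested or v2/v3 flat layout) and reports every resolved copy of `colors` that is one of the versions named in the PR description or is otherwise above 1.4.0. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example. Versions in FLAGGED are the ones named in the PR description.
const FLAGGED = new Set(["1.4.1", "1.4.44-liberty"]);

// True when a resolved version is numerically above 1.4.0 (the PR's ">1.4.0").
function isAbove140(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version);
  if (!m) return false;
  const got = m.slice(1, 4).map(Number);
  const base = [1, 4, 0];
  for (let i = 0; i < 3; i++) {
    if (got[i] !== base[i]) return got[i] > base[i];
  }
  return false;
}

// Collect every resolved copy of "colors" (not "@dabh/colors") in a lockfile.
function findColors(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/colors")) hits.push({ path, version: meta.version });
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "colors") hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Label each copy: "flagged" (named in the PR), "above-1.4.0", or "ok".
function auditLock(lock) {
  return findColors(lock).map((h) => ({
    ...h,
    status: FLAGGED.has(h.version) ? "flagged" : isAbove140(h.version) ? "above-1.4.0" : "ok",
  }));
}

// Constructed sample lockfile (not taken from the embark repository).
const sampleLock = { lockfileVersion: 2, packages: {
  "node_modules/colors": { version: "1.4.0" },
  "node_modules/foo/node_modules/colors": { version: "1.4.1" },
  "node_modules/@dabh/colors": { version: "0.0.0-constructed" },
} };
console.log(auditLock(sampleLock));
```

Transitive copies are the reason to scan the lockfile rather than `package.json`: the nested `foo/node_modules/colors` entry is reported even though the top-level copy is at 1.4.0.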