colors.js has issues

[JJ]

Mainly, this Marak/colors.js#285 Latest version has been compromised. A former maintainer, @DABH, has released this alternative 1.4.0 version.
Alternatively, it could simply be eliminated, since it's optional.

[DanielRuf]

We should pin it. See also Marak/colors.js#285 (comment) for some easy workarounds in your projects.

[JJ]

We should pin it. See also Marak/colors.js#285 (comment) for some easy workarounds in your projects.

Both are valid, according to [this comment]8Marak/colors.js#285 (comment)) by @DABH. However, in that same comment they're committing to keep upgrading so it might be a better option. Anyway, your call, and all my support for anything you decide.

[DanielRuf]

However, in that same comment they're committing to keep upgrading so it might be a better option

But this will not fix the current releases of cli-table3.

If you can provide a PR to pin the version, we can merge this and make a new release.

But previous releases will still be affected. That's why we will have to document resolutions and patch-package as possible solutions.

And we should wait until next week / Monday to see which route to go with the package in general. Best would be an org, which takes over the maintenance of colors.

[DanielRuf]

If you can provide a PR to pin the version, we can merge this and make a new release.

That's generally a better option to pin it to 1.4.0 since old package releases with so many installs and packages in general can not be deleted anymore after the left-pad case happened.

[DanielRuf]

@Turbo87 hi, can you merge and prepare / push a new release, when you find some time? That would be great.

[Turbo87]

@DanielRuf currently a bit busy here. I've invited you to the org and added you on npm. feel free to merge and release :)

[DanielRuf]

@DanielRuf currently a bit busy here. I've invited you to the org and added you on npm. feel free to merge and release :)

Thanks, I have accepted the invitation.

Only those with write access to this repository can merge pull requests.

Hm, seems I need a few more rights.
When I'm on a computer later I will make a release using GH Codespaces, let's see how this will work.

[DanielRuf]

As I still need write access to the repo I did this:

• create GitHub Codespaces instance from this PR
• update yarn.lock
• bump the version in package.json
• publish to npm as 0.6.1

You can see the changes also at https://diff.intrinsic.com/cli-table3/0.6.0/0.6.1

Pushing the changes to the fork in a few minutes.

[DanielRuf]

@JJ did you check / enable the checkbox in you PR to allow changes by us?

Because I get this on "git push":

remote: Permission to JJ/cli-table3.git denied to DanielRuf.
fatal: unable to access 'https://github.com/JJ/cli-table3/': The requested URL returned error: 403

[JJ]

@JJ did you check / enable the checkbox in you PR to allow changes by us?

Because I get this on "git push":

remote: Permission to JJ/cli-table3.git denied to DanielRuf.
fatal: unable to access 'https://github.com/JJ/cli-table3/': The requested URL returned error: 403

Do you still need this? I might have not. Anyway, I guess you'll make any changes afterwards. Thanks!

[DanielRuf]

Do you still need this? I might have not. Anyway, I guess you'll make any changes afterwards. Thanks!

Thanks, it is not needed anymore.
I found a workaround and have now the needed write permissions for the project.

Thanks for your contribution and help with this.