fix: update colors@1.4.0 cli-table2@0.6.1 (#1886)
* Update package.json

A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty`
- [source1](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source2](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source3](https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906)

This PR pins the color package to `1.4.0` as advised on the [snyk page](https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/)

* chore: update changelog

* fix: update and pin cli-table3@0.6.1

* chore: update CHANGELOG
mannyluvstacos committed Jan 10, 2022
1 parent 28726aa commit 4a808fa
Showing 2 changed files with 5 additions and 2 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -18,6 +18,8 @@ Please see [CONTRIBUTING.md](https://github.com/cucumber/cucumber/blob/master/CO
[Issue#1869](https://github.com/cucumber/cucumber-js/issues/1869))
- Allows for parentheses in paths for developers working on cucumber's own code ([[#1735](https://github.com/cucumber/cucumber-js/issues/1735)])
- Smoother onboarding for Windows developers ([#1863](https://github.com/cucumber/cucumber-js/pull/1863))
- Pin `colors` to `1.4.0` to fix security vulnerability ([#1884](https://github.com/cucumber/cucumber-js/issues/1884))
- Pin `cli-table3` to `0.6.1` to fix security vulnerability ([#251](https://github.com/cli-table/cli-table3/pull/251))

### Added
- Export cucumber version number. It is now possible to retrieve the current version
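
Review bot: The two added entries say only "fix security vulnerability" and point to different places (issue #1884 for `colors`, the upstream pull request cli-table/cli-table3#251 for `cli-table3`), so a changelog reader cannot tell which advisory is meant or that the change landed as #1886. Suggest naming the advisory the commit message cites (SNYK-JS-COLORS-2331906) in the `colors` entry, and saying in the `cli-table3` entry how that pin relates to the `colors` problem, since the commit message describes a vulnerability in `colors` only.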
5 changes: 3 additions & 2 deletions package.json
Expand Up @@ -99,6 +99,7 @@
"Lukas Degener <l.degener@tarent.de>",
"Łukasz Gandecki <lgandecki@css.edu>",
"M.P. Korstanje <mpkorstanje@users.noreply.github.com>",
"mannyluvstacos <mannyis@typingona.computer>",
"Marat Dyatko <vectart@gmail.com>",
"Marc Burton <marc.burton@first-utility.com>",
"Marcel Hoyer <mhoyer@pixelplastic.de>",
Expand Down Expand Up @@ -193,8 +194,8 @@
"@cucumber/tag-expressions": "4.1.0",
"assertion-error-formatter": "^3.0.0",
"capital-case": "^1.0.4",
"cli-table3": "^0.6.0",
"colors": "^1.4.0",
"cli-table3": "0.6.1",
"colors": "1.4.0",
"commander": "^8.0.0",
"duration": "^0.2.2",
"durations": "^3.4.2",
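
Review bot: The exact pins `"cli-table3": "0.6.1"` and `"colors": "1.4.0"` replace caret ranges with nothing recording when they can be relaxed, and package.json cannot carry a comment. Suggest opening a follow-up issue to revisit the pins and linking it from the CHANGELOG entry, so they do not silently hold back later fixes. The `colors` pin also constrains only this package's direct dependency: check with `npm ls colors` that no other dependency resolves a different `colors` version, and if the repository commits a lockfile, regenerate it in the same change, since this commit touches only CHANGELOG.md and package.json.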