From 4a808faa2eb27784c5c1425b8304c93f4ba638f4 Mon Sep 17 00:00:00 2001
From: Manny <mannyis@typingona.computer>
Date: Mon, 10 Jan 2022 01:23:15 -0600
Subject: [PATCH] fix: update colors@1.4.0 cli-table2@0.6.1  (#1886)

* Update package.json

A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty`
- [source1](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source2](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet)
- [source3](https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906)

This PR pins the color package to `1.4.0` as advised on the [snyk page](https://snyk.io/blog/open-source-maintainer-pulls-the-plug-on-npm-packages-colors-and-faker-now-what/)

* chore: update changelog

* fix: update and pin cli-table3@0.6.1

* chore: update CHANGELOG
---
 CHANGELOG.md | 2 ++
 package.json | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 190435040..36eee8db1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,8 @@ Please see [CONTRIBUTING.md](https://github.com/cucumber/cucumber/blob/master/CO
    [Issue#1869](https://github.com/cucumber/cucumber-js/issues/1869))
 - Allows for parentheses in paths for developers working on cucumber's own code ([[#1735](https://github.com/cucumber/cucumber-js/issues/1735)])
 - Smoother onboarding for Windows developers ([#1863](https://github.com/cucumber/cucumber-js/pull/1863))
+- Pin `colors` to `1.4.0` to fix security vulnerability ([#1884](https://github.com/cucumber/cucumber-js/issues/1884))
+- Pin `cli-table3` to `0.6.1` to fix security vulnerability ([#251](https://github.com/cli-table/cli-table3/pull/251))
 
 ### Added
 - Export cucumber version number. It is now possible to retrieve the current version
diff --git a/package.json b/package.json
index 3237bd89f..af5f8a288 100644
--- a/package.json
+++ b/package.json
@@ -99,6 +99,7 @@
     "Lukas Degener <l.degener@tarent.de>",
     "Łukasz Gandecki <lgandecki@css.edu>",
     "M.P. Korstanje <mpkorstanje@users.noreply.github.com>",
+    "mannyluvstacos <mannyis@typingona.computer>",
     "Marat Dyatko <vectart@gmail.com>",
     "Marc Burton <marc.burton@first-utility.com>",
     "Marcel Hoyer <mhoyer@pixelplastic.de>",
@@ -193,8 +194,8 @@
     "@cucumber/tag-expressions": "4.1.0",
     "assertion-error-formatter": "^3.0.0",
     "capital-case": "^1.0.4",
-    "cli-table3": "^0.6.0",
-    "colors": "^1.4.0",
+    "cli-table3": "0.6.1",
+    "colors": "1.4.0",
     "commander": "^8.0.0",
     "duration": "^0.2.2",
     "durations": "^3.4.2",