DoS sec vulnerability in `colors`
antongolub opened this issue · 1 comments
antongolub commented
Dependency chain: yarn-audit-fix → synp → colors@^1.4.0
- https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
- https://snyk.io/blog/open-source-npm-packages-colors-faker/
- Marak/colors.js#285
UPD 2022-01-11
- https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906
- npm has removed vulnerable versions of `colors` lib: Marak/colors.js#317
antongolub commented
🎉 This issue has been resolved in version 9.0.5 🎉
The release is available on:
Your semantic-release bot 📦🚀