[STCLI-188] avoid sabotaged colors.js > 1.4.0 Created: 10/Jan/22  Updated: 11/Feb/22  Resolved: 11/Feb/22

Status: Closed
Project: stripes-cli
Components: None
Affects versions: None
Fix versions: 2.5.0

Type: Task Priority: P1
Reporter: Zak Burke Assignee: Zak Burke
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Cloners
clones FOLIO-3383 avoid sabotaged colors.js > 1.4.0 Closed
Sprint:
Development Team: None

 Description   

Summary: The platform's package.json must lock to colors 1.4.0 to avoid sabotaged patch releases.
Details: The author of colors.js, a transitive dependency of stripes-cli, was sabotaged by its owner in several patch releases published directly to NPM including 1.4.2, 1.4.1, and 1.4.44-liberty-2.


Generated at Thu Feb 08 23:27:42 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.