Skip to content
Snippets Groups Projects
Commit 66a20c63 authored by Andreas Fernandez's avatar Andreas Fernandez
Browse files

[BUGFIX] Enforce functional colors package 

The maintainer of the `colors` package decided to rampage and released
a bonkers version, see [1] and [2], causing an implosion of the npm eco
system.
Albeit TYPO3 uses this as a transitive dependency only, we're going
to be safe and enforce this package to version 1.4.0, the current known
to-be-stable version.

[1] https://github.com/Marak/colors.js/issues/285
[2] https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Resolves: #96499
Releases: main, 11.5, 10.4
Change-Id: Ic8ad9105c9a9bc45bb2519547bb044be672db27c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72931


Tested-by: default avatarcore-ci <typo3@b13.com>
Tested-by: default avatarAndreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: default avatarAndreas Fernandez <a.fernandez@scripting-base.de>
parent 1b62c567
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment