Commit 0f31667b authored by Andreas Fernandez

[BUGFIX] Enforce functional colors package

The maintainer of the `colors` package decided to rampage and released
a bonkers version, see [1] and [2], causing an implosion of the npm
ecosystem.
Albeit TYPO3 uses this as a transitive dependency only, we're going
to be safe and enforce this package to version 1.4.0, the current known
to-be-stable version.

[1] https://github.com/Marak/colors.js/issues/285
[2] https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Resolves: #96499
Releases: main, 11.5, 10.4
Change-Id: Ic8ad9105c9a9bc45bb2519547bb044be672db27c
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/72949

Tested-by: Benjamin Franzke <bfr@qbus.de>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
parent aedbf806
......@@ -114,5 +114,8 @@
"taboverride": "^4.0.3",
"tagsort": "^1.4.0",
"web-animate": "^0.4.1"
},
"resolutions": {
"colors": "<1.4.1"
}
}
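Review bot: the `"colors": "<1.4.1"` entry under `resolutions` is an open range, while the commit message says the package is enforced to version 1.4.0. A range keeps every release below 1.4.1 eligible whenever the lockfile is regenerated, so an exact `"colors": "1.4.0"` would match the stated intent and leave nothing to re-resolve. Since `resolutions` is a Yarn field, it would also help to note in the commit message that the guard only applies to installs driven by Yarn and the committed yarn.lock.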
......@@ -2025,16 +2025,11 @@ colorguard@^1.2.0:
text-table "^0.2.0"
yargs "^1.2.6"
colors@^1.1.2, colors@^1.4.0:
colors@<1.4.1, colors@^1.1.2, colors@^1.4.0, colors@~1.1.2:
version "1.4.0"
resolved "https://registry.yarnpkg.com/colors/-/colors-1.4.0.tgz#c50491479d4c1bdaed2c9ced32cf7c7dc2360f78"
integrity sha512-a+UqTh4kgZg/SlGvfbzDHpgRu7AAQOmmqRHJnxhRZICKFUT91brVhNNt58CMWU9PsBbv3PDCZUHbVxuDiH2mtA==
colors@~1.1.2:
version "1.1.2"
resolved "https://registry.yarnpkg.com/colors/-/colors-1.1.2.tgz#168a4701756b6a7f51a12ce0c97bfa28c084ed63"
integrity sha1-FopHAXVran9RoSzgyXv6KMCE7WM=
columnify@~1.5.4:
version "1.5.4"
resolved "https://registry.yarnpkg.com/columnify/-/columnify-1.5.4.tgz#4737ddf1c7b69a8a7c340570782e947eec8e78bb"
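Review bot: in the merged `colors@<1.4.1, colors@^1.1.2, colors@^1.4.0, colors@~1.1.2` entry, the `~1.1.2` request is now satisfied by 1.4.0, which is outside the range that dependent declared, and the separate 1.1.2 entry is dropped even though 1.1.2 was already below the 1.4.1 cut-off. Please confirm that the package asking for `~1.1.2` works against 1.4.0 (the visible lines do not show which one it is), or keep its 1.1.2 resolution so the override only touches requests that could float to 1.4.1 or later.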
......