Skip to content
This repository has been archived by the owner on Sep 26, 2024. It is now read-only.

Build broken due to update of "colors" package #385

Closed
mnahkies opened this issue Jan 10, 2022 · 2 comments
Closed

Build broken due to update of "colors" package #385

mnahkies opened this issue Jan 10, 2022 · 2 comments
Assignees
@bcoe
Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@mnahkies
Copy link

mnahkies commented Jan 10, 2022
edited
Loading

The release #384 containing a security fix (#382) appears to be blocked by CI due to the sabotaged colors package having updated (Marak/colors.js#285)

I notice that this repository doesn't have a package-lock.json or yarn.lock file in it - should one be added to help avoid this kind of unexpected breakage in future?
@SurferJeffAtGoogle
Copy link
Contributor

There are trade offs for checking in the package-lock.json. Paging @bcoe for an explanation.

@SurferJeffAtGoogle SurferJeffAtGoogle added priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Jan 10, 2022
@bcoe
Copy link
Contributor

bcoe commented Jan 11, 2022

the bad release of colors was rolled back on the weekend by npm/GitHub, which unblocked #384. Security patch should be out in the wild.

@bcoe bcoe closed this as completed Jan 11, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@bcoe bcoe

Labels
priority: p3 Desirable enhancement or fix. May not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bcoe @mnahkies @SurferJeffAtGoogle