-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pin colors lib to 1.4.0 as it been hacked and version 1.4.1 is broken #3738
Comments
No hack... just the author breaking his package on purpose. he did the same with faker.js |
didnt know ty @YoniSegal for patching |
the problem also exists on 1.4.0 suddenly! |
Are you sure you're using 1.4.0? |
No problem. The PR is trying to merge into master, but I want it to fix an issue at the v4.4.1 tag. |
@jginsburgn this should be addressed sooner than later since it seems npm hasn't removed the offending colors versions. |
Please provide a quick fix with an update to 1.4.0 |
Yes, this is really urgent, breaks all builds with karma on the CI Server |
Can't you just add colors as dev dependency with pinned version to 1.4.0 as a temporary fix? E.g.
|
The author of the colors package purpose broke this package. See: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ and Marak/colors.js#285 Closes karma-runner#3738
The author of the colors package purpose broke this package. See: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ and Marak/colors.js#285 Closes karma-runner#3738
The author of the colors package purpose broke this package. See: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ and Marak/colors.js#285 Closes karma-runner#3738
Hello everyone. Currently Karma is using the newest/latest "Colors" version. https://github.com/karma-runner/karma/blob/master/package.json#L427 If a new tag is created on "Colors", Karma will eventually update "Colors" to the newest (broken) version. Shouldn't Karma fix the package on the latest working version (before the corrupted commits)? Thanks. |
npm fixed colors and karma works well now. |
Looks like this was fixed in #3763 and releasd in v6.3.17. |
Closing per above. |
Please read https://karma-runner.github.io/4.0/intro/troubleshooting.html first
Marak/colors.js#285 (comment)
The text was updated successfully, but these errors were encountered: