pin colors lib to 1.4.0 as it has been hacked and version 1.4.1 is broken #3738

Closed
arelg opened this issue Jan 9, 2022 · 13 comments

Comments

@arelg

arelg commented Jan 9, 2022

Please read https://karma-runner.github.io/4.0/intro/troubleshooting.html first
Marak/colors.js#285 (comment)

@donmahallem

No hack... just the author breaking his package on purpose. He did the same with faker.js.

@arelg
Author

arelg commented Jan 9, 2022

Didn't know, ty @YoniSegal for patching

@bouhady

bouhady commented Jan 9, 2022

The problem also exists on 1.4.0 suddenly!
Is there any workaround for libraries such as gulp-nodemon which are using this version as a sub-dependency?

@YoniSegal

> The problem also exists on 1.4.0 suddenly! Is there any workaround for libraries such as gulp-nodemon which are using this version as a sub-dependency?

Are you sure you're using 1.4.0?
I'm not having any issues.

@YoniSegal

> Didn't know, ty @YoniSegal for patching

No problem.
I closed my PR because I've never contributed to an open source project and am not sure I'm doing it right.

The PR is trying to merge into master, but I want it to fix an issue at the v4.4.1 tag.

@XhmikosR
Contributor

@jginsburgn this should be addressed sooner than later since it seems npm hasn't removed the offending colors versions.

@esskar

esskar commented Jan 10, 2022

Please provide a quick fix with an update to 1.4.0

@RupprechJo

Yes, this is really urgent, breaks all builds with karma on the CI Server

@donmahallem

Can't you just add colors as a dev dependency with the version pinned to 1.4.0 as a temporary fix?

E.g.

npm install --save-dev --save-exact colors@1.4.0

@sharif-elshobkshy

sharif-elshobkshy commented Jan 10, 2022

Hello everyone.

Currently Karma is using the newest/latest "Colors" version.

https://github.com/karma-runner/karma/blob/master/package.json#L427
"colors": "^1.4.0"

If a new tag is created on "Colors", Karma will eventually update "Colors" to the newest (broken) version.

Shouldn't Karma fix the package on the latest working version (before the corrupted commits)?
"colors": "1.4.0"

Thanks.
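
The difference between the two ranges quoted in the comment above, shown as an added example that is not part of the thread or of Karma's code. It uses a minimal range matcher written for this illustration (plain x.y.z versions with `^`, `~` or an exact pin only); the function names and the sample manifests are constructed.

```javascript
// Added example: minimal matcher for plain x.y.z versions only
// (no prerelease tags, no "||", no hyphen ranges); not the semver package.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of a range, or null for an exact pin.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (op === '^') {
    if (maj > 0) return [maj + 1, 0, 0];
    if (min > 0) return [0, min + 1, 0];
    return [0, 0, pat + 1];
  }
  return null;
}

function satisfies(version, range) {
  const m = /^([\^~]?)(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const v = parse(version), base = parse(m[2]), hi = upperBound(m[1], base);
  if (hi === null) return cmp(v, base) === 0; // exact pin: one version only
  return cmp(v, base) >= 0 && cmp(v, hi) < 0;
}

// Report every direct dependency range in a manifest that admits a known-bad version.
function findExposed(manifest, name, badVersions) {
  const hits = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    const range = (manifest[section] || {})[name];
    if (range === undefined) continue;
    const admits = badVersions.filter((bad) => satisfies(bad, range));
    if (admits.length) hits.push({ section, range, admits });
  }
  return hits;
}

// Constructed manifests: the caret range quoted in the thread, and the exact pin it proposes.
const caret = { dependencies: { colors: '^1.4.0' } };
const pinned = { dependencies: { colors: '1.4.0' } };
console.log(findExposed(caret, 'colors', ['1.4.1']));  // one hit: ^1.4.0 admits 1.4.1
console.log(findExposed(pinned, 'colors', ['1.4.1'])); // no hits
```

This only inspects the ranges declared in one manifest; the version actually installed for a transitive dependency is recorded in the lockfile.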

@falsandtru
Contributor

npm fixed colors and karma works well now.

@devoto13 devoto13 unpinned this issue Jan 21, 2022
@reduckted

Looks like this was fixed in #3763 and released in v6.3.17.

@devoto13
Collaborator

devoto13 commented Mar 4, 2022

Closing per above.

@devoto13 devoto13 closed this as completed Mar 4, 2022