fix: update to @dabh/colors for security vuln

A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty` - [source1](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet) - [source2](https://twitter.com/snyksec/status/1480286811482206216?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet) - [source3](https://security.snyk.io/vuln/SNYK-JS-COLORS-2331906) This PR updates the color package to using [@dabh/colors](https://www.npmjs.com/package/@dabh/colors) as stated on this [colors issue sintaxi#317](Marak/colors.js#317 (comment)) which is a safe alternative.
agentmishra · Jan 13, 2022 · 13dadb5 · 13dadb5
1 parent 6128a96
commit 13dadb5
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/package.json b/package.json
@@ -22,7 +22,8 @@
     "Jurgen Van de Moere <[email protected]>",
     "Marco Emrich <[email protected]>",
     "Roger K <[email protected]>",
-    "Claus Colloseus <[email protected]>"
+    "Claus Colloseus <[email protected]>",
+    "mannyluvstacos <[email protected]>"
   ],
   "keywords": [
     "static web server",
@@ -45,7 +46,7 @@
     "async": "0.2.9",
     "basic-auth": "^2.0.1",
     "boxt": "^1.0.0",
-    "colors": "^1.4.0",
+    "@dabh/colors": "^1.4.0",
     "connect": "^3.6.6",
     "envy-json": "0.2.1",
     "fs-extra": "1.x",