The project relies on colors.js with malicious code #19624

Closed
Tracked by #4307
shijiatongxue opened this issue Jan 10, 2022 · 4 comments · Fixed by #19622
Labels
process: dependencies Related to internal dependencies type: bug

Comments

shijiatongxue commented Jan 10, 2022

Current behavior

  • Bugs when running the Cypress CLI

It's a known bug of colors

bugs here

  • cypress dependency

Desired behavior

Everything is OK when running Cypress

Test code to reproduce

Running it MAY BE DANGEROUS on a local machine: `npx cypress run`

Cypress Version

9.2.0

Other

No response

@tzimmermann

You can already upgrade cli-table3 to 0.6.1 in your lockfile to fix this.
They've released a fix with a pinned dep to colors@1.4.0.
cli-table/cli-table3#251
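
An added example, not part of the original thread or of the Cypress or cli-table3 code: a check over a parsed npm `package-lock.json` for the two versions named in the comment above. It assumes npm lockfiles (not `yarn.lock`), and because the thread lists no affected `colors` versions it strictly flags any `colors` entry other than the 1.4.0 pin; all function names and sample data are constructed.

```javascript
// Thresholds come from the thread: cli-table3 0.6.1 has the fix and pins colors@1.4.0.
const PINNED_COLORS = '1.4.0';
const FIXED_CLI_TABLE3 = [0, 6, 1];
// True when "x.y.z" sorts before min; prerelease/build suffixes are ignored.
function olderThan(version, min) {
  const parts = version.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const part = parts[i] || 0;
    if (part !== min[i]) return part < min[i];
  }
  return false;
}
// lockfileVersion 1: packages nest under "dependencies".
function* walkV1(deps, prefix) {
  for (const [name, meta] of Object.entries(deps)) {
    const path = `${prefix}node_modules/${name}`;
    yield { path, name, version: meta.version };
    yield* walkV1(meta.dependencies || {}, `${path}/`);
  }
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function* installed(lock) {
  if (!lock.packages) return yield* walkV1(lock.dependencies || {}, '');
  for (const [path, meta] of Object.entries(lock.packages)) {
    const idx = path.lastIndexOf('node_modules/');
    if (idx !== -1) yield { path, name: path.slice(idx + 13), version: meta.version };
  }
}

function auditLock(lock) {
  const findings = [];
  for (const { path, name, version } of installed(lock)) {
    if (!version) continue; // links and workspace entries carry no version
    if (name === 'colors' && version !== PINNED_COLORS) {
      findings.push(`${path}: colors@${version} differs from pinned ${PINNED_COLORS}`);
    } else if (name === 'cli-table3' && olderThan(version, FIXED_CLI_TABLE3)) {
      findings.push(`${path}: cli-table3@${version} predates 0.6.1`);
    }
  }
  return findings;
}

// Constructed lockfile fragments for illustration, not from a real project.
const sampleV1 = { dependencies: { 'cli-table3': { version: '0.6.0',
  dependencies: { colors: { version: '0.0.0-constructed' } } } } };
const sampleV3 = { packages: { '': { name: 'app' },
  'node_modules/cli-table3': { version: '0.6.1' }, 'node_modules/colors': { version: '1.4.0' } } };
console.log(auditLock(sampleV1), auditLock(sampleV3));
```

To audit a real project, pass `JSON.parse` of its `package-lock.json` contents to `auditLock` and fail the CI job when the returned list is non-empty.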

@jennifer-shehane
Member

There’s a PR open to fix this: #19622. As mentioned above, you can already update the cli-table3 dependency to avoid this issue.

@cypress-bot
Contributor

cypress-bot bot commented Jan 10, 2022

The code for this is done in cypress-io/cypress#19622, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

@cypress-bot
Contributor

cypress-bot bot commented Jan 10, 2022

Released in 9.2.1.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v9.2.1, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Jan 10, 2022