Liberty Liberty Liberty issue

Question

sorvis opened this issue 2 years ago · comments

Hello,

It appears that this package was vulnerable to the liberty liberty liberty patch.

Not sure if we need a PR in this repository to resolve the issue to pin a package dependency version?

Jiajing LU · Answer 1 · Tue Jan 11 2022 09:22:04 GMT+0800 (China Standard Time)

@sorvis Thanks for your issue!

I've pinned color.js to exact 1.4.0 and just released a new version 2.1.2. Would you please confirm this patch?

But it seems the problematic version has been removed from the npm registry.

Steven Orvis · Answer 2 · Tue Jan 11 2022 20:43:41 GMT+0800 (China Standard Time)

Working good now. Thank you for the help!