From a5219c52e2515248eefae4fe1863ac8ad3fdd43b Mon Sep 17 00:00:00 2001
From: Sergei Startsev <ai@programist.ru>
Date: Mon, 10 Jan 2022 02:07:11 +0100
Subject: [PATCH] fix(deps): pin colors package to 1.4.0 due to security
 vulnerability

---
 package-lock.json | 2 +-
 package.json      | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8929131c1..2691033eb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5211,7 +5211,7 @@
         "body-parser": "^1.19.0",
         "braces": "^3.0.2",
         "chokidar": "^3.5.1",
-        "colors": "^1.4.0",
+        "colors": "1.4.0",
         "connect": "^3.7.0",
         "di": "^0.0.1",
         "dom-serialize": "^2.2.1",
diff --git a/package.json b/package.json
index a6a67fe29..7b20277a6 100644
--- a/package.json
+++ b/package.json
@@ -420,11 +420,14 @@
     "chalkerx@gmail.com>",
     "weiran.zsd@outlook.com>"
   ],
+  "overrides": {
+    "colors": "1.4.0"
+  },
   "dependencies": {
     "body-parser": "^1.19.0",
     "braces": "^3.0.2",
     "chokidar": "^3.5.1",
-    "colors": "^1.4.0",
+    "colors": "1.4.0",
     "connect": "^3.7.0",
     "di": "^0.0.1",
     "dom-serialize": "^2.2.1",