From e5fa021a9a38a035124da3a2b80fd572046c068a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Juli=C3=A1n=20Merelo=20Guerv=C3=B3s?=
Date: Sun, 9 Jan 2022 11:01:16 +0100
Subject: [PATCH 1/2] `colors.js` has issues Mainly, this https://github.com/Marak/colors.js/issues/285 Latest version has been compromised. A former maintainer, @dabh, has released this alternative 1.4.0 version
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 94121b9..84f6345 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "prettier": "2.3.2"
 },
 "optionalDependencies": {
- "colors": "^1.1.2"
+ "@dabh/colors": "^1.1.2"
 },
 "scripts": {
 "changelog": "lerna-changelog",
From 9079383556b853f814c7c016a9a2b76aeedefa9c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Juli=C3=A1n=20Merelo=20Guerv=C3=B3s?=
Date: Sun, 9 Jan 2022 11:52:00 +0100
Subject: [PATCH 2/2] Pin to 1.4.0 Please bear in mind that, since this points to the old repo that's still compromised, it's not impossible to re-tag a new commit. So I think it's a good compromise solution, but probably not the best going forward. But then, that's the bread and butter of development, isn't it?
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 84f6345..009790e 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "prettier": "2.3.2"
 },
 "optionalDependencies": {
- "@dabh/colors": "^1.1.2"
+ "colors": "1.4.0"
 },
 "scripts": {
 "changelog": "lerna-changelog",
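Review bot: In PATCH 1/2 the rename to `@dabh/colors` changes the module specifier, but the patch touches only package.json, so any `require('colors')` call sites (not visible here) would no longer match the declared dependency. Because the entry sits under `optionalDependencies`, a failed lookup is probably handled quietly, and a hoisted transitive copy of `colors` could still be resolved in place of the fork. Running `npm ls colors` after install would confirm which package and version actually end up in the tree.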
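Review bot: In PATCH 2/2 the exact pin `"colors": "1.4.0"` constrains only this package's own direct dependency; no lockfile change is part of the patch, and other packages in the tree that depend on `colors` with a range can still resolve to a later release. Consider committing the lockfile entry with its `integrity` hash in the same change, so that a tarball differing from the one reviewed fails installation, and adding a tree-wide constraint such as `"overrides": { "colors": "1.4.0" }` (npm) or the equivalent `resolutions` entry (Yarn). The re-tagging concern in the commit message applies to the git repository, whereas this specifier is presumably resolved from the registry tarball, which is what the lockfile hash covers.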