Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed version without corrupted colors.js version released #155

Closed
2 tasks done
Cordobo opened this issue Jan 12, 2022 · 1 comment
Closed
2 tasks done

Fixed version without corrupted colors.js version released #155

Cordobo opened this issue Jan 12, 2022 · 1 comment
Assignees
@Cordobo
Milestone
13.0.3

Comments

@Cordobo
Copy link
Owner

Cordobo commented Jan 12, 2022
edited
Loading

The underlying lib qrcode has a dependency of the lib colors.js which was corrupted on purpose by its author [1]. Read the article Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps by BleepingComputer.

As the author of the original qrcode dependency currently has no time to release a fixed version, I forked [2] the qrcode lib and bumped the dependency to a fixed version [3].

  • angularx-qrcode 13.0.3 was released today with a fork of the lib, which makes no use of the affected colors.js versions.
  • The dependency will be switched back the moment there is a fix released.

[1] colors.js
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

[2] The used fork is located here:
https://github.com/Cordobo/node-qrcode

[3] Commit changes
Cordobo/node-qrcode@e09bcd3
@Cordobo Cordobo self-assigned this Jan 12, 2022
@Cordobo Cordobo added this to the 13.0.3 milestone Jan 12, 2022
@Cordobo Cordobo closed this as completed Jan 12, 2022
@Cordobo Cordobo changed the title fix: colors.js fix: release version without affected colors.js version Jan 12, 2022
@Cordobo Cordobo pinned this issue Jan 12, 2022
@Cordobo Cordobo changed the title fix: release version without affected colors.js version Fixed version without corrupted colors.js version released Jan 12, 2022
@Cordobo Cordobo mentioned this issue Mar 28, 2022
Closed
@Cordobo Cordobo mentioned this issue Nov 18, 2022
Closed
2 tasks
@Cordobo
Copy link
Owner Author

Cordobo commented Nov 18, 2022

This fix was reverted in angularx-qrcode 15.

@Cordobo Cordobo unpinned this issue Nov 18, 2022
@Cordobo Cordobo mentioned this issue Jan 23, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Cordobo Cordobo

Labels
None yet
Projects
None yet
Milestone
13.0.3
Development

No branches or pull requests
1 participant
@Cordobo