Replace validate-color in color widget #7007

Closed
martinjagodic opened this issue Dec 6, 2023 · 0 comments · Fixed by #7009
Labels: good first issue, pinned, type: security (code to address security issues)

martinjagodic commented Dec 6, 2023

This is the only place where it's used, so it should be easy to replace: https://github.com/decaporg/decap-cms/blob/master/packages/decap-cms-widget-colorstring/src/ColorControl.js#L134


There is also a vulnerability reported for validate-color when installing the latest version of decap-cms:

✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-JS-VALIDATECOLOR-2935878] in validate-color@2.2.4
    introduced by decap-cms-app@3.0.12 > decap-cms-widget-colorstring@3.0.2 > validate-color@2.2.4
  No upgrade or patch available

Originally posted by @kl-ma in #6513 (comment)

martinjagodic added the good first issue, type: security (code to address security issues) and pinned labels Dec 6, 2023
prasanthlouis added a commit to prasanthlouis/decap-cms that referenced this issue Dec 6, 2023
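
The "introduced by" chain in the Snyk output above can be re-derived from a lockfile, which gives a quick check that validate-color is no longer reachable once the widget stops depending on it. This is an added example, not code from decap-cms or Snyk; the lockfile is a constructed sample in npm's `packages` layout, and the root project name, the dependency ranges and the function names `resolve` and `findChains` are assumptions.

```javascript
// Constructed sample in npm lockfile v3 layout. Versions are those in the Snyk
// output above; the root project name and dependency ranges are made up.
const sampleLock = {
  packages: {
    "": { name: "example-site", dependencies: { "decap-cms-app": "^3.0.12" } },
    "node_modules/decap-cms-app": {
      version: "3.0.12",
      dependencies: { "decap-cms-widget-colorstring": "^3.0.2" },
    },
    "node_modules/decap-cms-widget-colorstring": {
      version: "3.0.2",
      dependencies: { "validate-color": "^2.0.0" },
    },
    "node_modules/validate-color": { version: "2.2.4" },
  },
};

// Node-style lookup: the dependent's own node_modules first, then each
// ancestor's, ending at the top-level node_modules directory.
function resolve(packages, fromKey, name) {
  for (let base = fromKey; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Returns every "a@1 > b@2 > target@3" chain from the root project to `target`.
function findChains(lock, target) {
  const packages = lock.packages;
  const label = (key) =>
    key.slice(key.lastIndexOf("node_modules/") + 13) + "@" + packages[key].version;
  const chains = [];
  const walk = (key, trail) => {
    const deps = { ...packages[key].dependencies, ...packages[key].optionalDependencies };
    for (const name of Object.keys(deps)) {
      const child = resolve(packages, key, name);
      if (!child || trail.includes(child)) continue; // not installed, or a cycle
      const next = [...trail, child];
      if (name === target) chains.push(next.map(label).join(" > "));
      else walk(child, next);
    }
  };
  walk("", []);
  return chains;
}
console.log(findChains(sampleLock, "validate-color"));
```

An empty array from `findChains` on the real `package-lock.json` means no installed package still pulls the dependency in.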