ci(netlify): fix malicious code published by Marak

`colors` package self-compromised with infinite loop zalgo
wopian · Jan 10, 2022 · 8980135 · 8980135 · wopian · Jan 10, 2022
1 parent 71ccad5
commit 8980135
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -53,7 +53,8 @@ jobs:
 
     - name: Deploy SPA
       if: success() && ${{ github.ref == 'refs/heads/master' }}
-      uses: netlify/actions/cli@6c34c3fcafc69ac2e1d6dbf226560329c6dfc51b
+      # uses: netlify/actions/cli@6c34c3fcafc69ac2e1d6dbf226560329c6dfc51b # Broken by Malak publishing malicious colors.js version
+      uses: wopian/netlify-actions-colors-fix/cli@e120165a3282ad303f0ee47593f13b15d935b7d6
       env:
         NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }}
         NETLIFY_SITE_ID: ${{ secrets.NETLIFY_SITE_ID }}