From bf56570ff6ce78b9fc06a9ac63399084c2e085dc Mon Sep 17 00:00:00 2001
From: Alan Agius <alan.agius4@gmail.com>
Date: Mon, 10 Jan 2022 16:26:02 +0100
Subject: [PATCH] fix: replace `colors` with `ansi-colors`

The author of the colors package purpose broke this package.

See: https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/ and https://github.com/Marak/colors.js/issues/285

Closes #3738
---
 lib/reporters/base_color.js | 24 ++++++++++++------------
 package.json                |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/reporters/base_color.js b/lib/reporters/base_color.js
index cfe572a6c..64ae41da2 100644
--- a/lib/reporters/base_color.js
+++ b/lib/reporters/base_color.js
@@ -1,23 +1,23 @@
-require('colors')
+const color = require('ansi-colors')
 
 function BaseColorReporter () {
   this.USE_COLORS = true
 
-  this.LOG_SINGLE_BROWSER = '%s: ' + '%s'.cyan + '\n'
-  this.LOG_MULTI_BROWSER = '%s %s: ' + '%s'.cyan + '\n'
+  this.LOG_SINGLE_BROWSER = '%s: ' + color.cyan('%s') + '\n'
+  this.LOG_MULTI_BROWSER = '%s %s: ' + color.cyan('%s') + '\n'
 
-  this.SPEC_FAILURE = '%s %s FAILED'.red + '\n'
-  this.SPEC_SLOW = '%s SLOW %s: %s'.yellow + '\n'
-  this.ERROR = '%s ERROR'.red + '\n'
+  this.SPEC_FAILURE = color.red('%s %s FAILED') + '\n'
+  this.SPEC_SLOW = color.yellow('%s SLOW %s: %s') + '\n'
+  this.ERROR = color.red('%s ERROR') + '\n'
 
-  this.FINISHED_ERROR = ' ERROR'.red
-  this.FINISHED_SUCCESS = ' SUCCESS'.green
-  this.FINISHED_DISCONNECTED = ' DISCONNECTED'.red
+  this.FINISHED_ERROR = color.red(' ERROR')
+  this.FINISHED_SUCCESS = color.green(' SUCCESS')
+  this.FINISHED_DISCONNECTED = color.red(' DISCONNECTED')
 
-  this.X_FAILED = ' (%d FAILED)'.red
+  this.X_FAILED = color.red(' (%d FAILED)')
 
-  this.TOTAL_SUCCESS = 'TOTAL: %d SUCCESS'.green + '\n'
-  this.TOTAL_FAILED = 'TOTAL: %d FAILED, %d SUCCESS'.red + '\n'
+  this.TOTAL_SUCCESS = color.green('TOTAL: %d SUCCESS') + '\n'
+  this.TOTAL_FAILED = color.red('TOTAL: %d FAILED, %d SUCCESS') + '\n'
 }
 
 // PUBLISH
diff --git a/package.json b/package.json
index 64fe2363a..aeabb4eb0 100644
--- a/package.json
+++ b/package.json
@@ -359,10 +359,10 @@
     "Karol Fabjańczuk <karol.fabjanczuk@lemondemon.pl>"
   ],
   "dependencies": {
+    "ansi-colors": "^4.1.1",
     "bluebird": "^3.3.0",
     "body-parser": "^1.16.1",
     "chokidar": "^2.0.3",
-    "colors": "^1.1.0",
     "combine-lists": "^1.0.0",
     "connect": "^3.6.0",
     "core-js": "^2.2.0",