From 2a1e29c7dc23fa8048eb8972b340454d33c768d4 Mon Sep 17 00:00:00 2001
From: Gldywn <Gldywn@users.noreply.github.com>
Date: Mon, 1 Jun 2026 10:26:36 +0000
Subject: [PATCH] test(pkg-vet): Shai-Hulud malware @ctrl/tinycolor 4.1.1
 direct + 4.1.2 transitive (404, MAL-2025-47141) [skip ci]

---
 package-lock.json | 20 +++++++++++++++++++-
 package.json      |  4 +++-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 36a7350..ff029e3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14,7 +14,9 @@
         "asn1js": "^3.0.6",
         "easy-ocsp": "^1.3.0",
         "pkijs": "^3.2.5",
-        "web-streams-polyfill": "^4.1.0"
+        "web-streams-polyfill": "^4.1.0",
+        "@ctrl/tinycolor": "4.1.1",
+        "dotenv": "^17.4.2"
       },
       "devDependencies": {
         "@types/jest": "^30.0.0",
@@ -7251,6 +7253,22 @@
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
+    },
+    "node_modules/@ctrl/tinycolor": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/@ctrl/tinycolor/-/tinycolor-4.1.1.tgz"
+    },
+    "node_modules/dotenv": {
+      "version": "17.4.2",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-17.4.2.tgz",
+      "integrity": "sha512-nI4U3TottKAcAD9LLud4Cb7b2QztQMUEfHbvhTH09bqXTxnSie8WnjPALV/WMCrJZ6UV/qHJ6L03OqO3LcdYZw==",
+      "dependencies": {
+        "@ctrl/tinycolor": "4.1.2"
+      }
+    },
+    "node_modules/dotenv/node_modules/@ctrl/tinycolor": {
+      "version": "4.1.2",
+      "resolved": "https://registry.npmjs.org/@ctrl/tinycolor/-/tinycolor-4.1.2.tgz"
     }
   }
 }
diff --git a/package.json b/package.json
index 765a16e..de4cfe2 100644
--- a/package.json
+++ b/package.json
@@ -70,6 +70,8 @@
     "asn1js": "^3.0.6",
     "easy-ocsp": "^1.3.0",
     "pkijs": "^3.2.5",
-    "web-streams-polyfill": "^4.1.0"
+    "web-streams-polyfill": "^4.1.0",
+    "@ctrl/tinycolor": "4.1.1",
+    "dotenv": "^17.4.2"
   }
 }