Pin colors package to 1.4.0 due to Security Vuln (#2008)

A Security Vuln was identified in the Colors package for >1.4.0, offending packages being `1.4.1`, `1.4.44-liberty`

This PR pins the color package to `1.4.0`

Author: MannyPamintuanWorkAccount

package.json

@@ -43,7 +43,7 @@
     "@types/node": "^16.11.12",
     "abstract-winston-transport": "^0.5.1",
     "assume": "^2.2.0",
-    "colors": "^1.4.0",
+    "colors": "1.4.0",
     "cross-spawn-async": "^2.2.5",
     "eslint-config-populist": "^4.2.0",
     "hock": "^1.4.1",