diff --git a/CHANGELOG.md b/CHANGELOG.md
index 190435040..36eee8db1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,8 @@ Please see [CONTRIBUTING.md](https://github.com/cucumber/cucumber/blob/master/CO
    [Issue#1869](https://github.com/cucumber/cucumber-js/issues/1869))
 - Allows for parentheses in paths for developers working on cucumber's own code ([[#1735](https://github.com/cucumber/cucumber-js/issues/1735)])
 - Smoother onboarding for Windows developers ([#1863](https://github.com/cucumber/cucumber-js/pull/1863))
+- Pin `colors` to `1.4.0` to fix security vulnerability ([#1884](https://github.com/cucumber/cucumber-js/issues/1884))
+- Pin `cli-table3` to `0.6.1` to fix security vulnerability ([#251](https://github.com/cli-table/cli-table3/pull/251))
 
 ### Added
 - Export cucumber version number. It is now possible to retrieve the current version
diff --git a/package.json b/package.json
index 3237bd89f..af5f8a288 100644
--- a/package.json
+++ b/package.json
@@ -99,6 +99,7 @@
     "Lukas Degener <l.degener@tarent.de>",
     "Łukasz Gandecki <lgandecki@css.edu>",
     "M.P. Korstanje <mpkorstanje@users.noreply.github.com>",
+    "mannyluvstacos <mannyis@typingona.computer>",
     "Marat Dyatko <vectart@gmail.com>",
     "Marc Burton <marc.burton@first-utility.com>",
     "Marcel Hoyer <mhoyer@pixelplastic.de>",
@@ -193,8 +194,8 @@
     "@cucumber/tag-expressions": "4.1.0",
     "assertion-error-formatter": "^3.0.0",
     "capital-case": "^1.0.4",
-    "cli-table3": "^0.6.0",
-    "colors": "^1.4.0",
+    "cli-table3": "0.6.1",
+    "colors": "1.4.0",
     "commander": "^8.0.0",
     "duration": "^0.2.2",
     "durations": "^3.4.2",