Open Shramkoweb opened 2 years ago
Did you find a decent fix for this? In the past I managed to override postcss used, but I'm now getting
npm ERR! code EOVERRIDE
npm ERR! Override for postcss@^8.4.16 conflicts with direct dependency
Did you find a decent fix for this? In the past I managed to override postcss used, but I'm now getting
npm ERR! code EOVERRIDE npm ERR! Override for postcss@^8.4.16 conflicts with direct dependency
No. Unfortunately, I am waiting for a fix.
Do you want to request a feature, report a bug or ask a question? Security issue.
What is the current behavior?
The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=(.*).
svg-sprite-loader@6.0.11
requirespostcss@^5.2.17
viasvg-baker@1.7.0
Please tell us about your environment: