apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License
3.68k stars 349 forks

Postcss vulnerability #635

Closed wesleimarinho closed 8 months ago

wesleimarinho commented 8 months ago

When using this package, npm audit reports a vulnerability with Postcss:

[image: screenshot of the npm audit report]

wesleimarinho commented 8 months ago

I noticed a clean uninstall and install of sanitize-html fixes the vulnerability report.

randompixel commented 7 months ago

Do you think we could reopen this one?

Snyk reports it as an issue down the dependency chain where https://github.com/Vannsl/vue-3-sanitize uses it and then I use vue3-sanitize. I'm not 100% on how yarn or Snyk determine which versions to use but explicitly setting this as > 8.4.25 in the root of the problem would surely help?

boutell commented 7 months ago

snyk looks at what's in your package-lock.json. npm update your project.

randompixel commented 7 months ago

Thanks @boutell I've tried a yarn upgrade to update the yarn.lock file but it didn't seem to fix it. I'll give it another go :(