Closed Ali-Zmn closed 5 months ago
Hi Ali,
If you look again at package.json you'll see this is a semver (Semantic Versioning) rule. The "^" means "at least" that version, e.g. it will install the newest in the 8.x series. It does not install that specific version. We do not update package.json every time a dependency releases an update, as long as the semantic versioning rule is correct.
(The version specified in package.json is not 8.4.27, so I'm not sure where you got that number from.)
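To make the caret rule in the reply above concrete, here is an added example (not code from sanitize-html or its maintainers) that implements npm's `^` range semantics without any dependency and then checks whether a range admits the fixed version and whether a resolved version (as a lockfile would pin it) already contains the fix. The `8.4.31` fix version comes from the report below; the sample range, resolved versions and function names are constructed for illustration.

```javascript
// Added example: dependency-free check of npm caret (^) ranges.
// Parse a plain "x.y.z" version into a [major, minor, patch] triple.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1).map(Number);
};

// Compare two triples: -1, 0 or 1.
const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// npm caret rule: "^X.Y.Z" allows >= X.Y.Z while keeping the left-most
// non-zero component fixed (^8.4.27 => any 8.x.y >= 8.4.27; ^0.4.2 => 0.4.x).
function caretSatisfies(range, version) {
  if (!range.startsWith('^')) throw new Error('only caret ranges handled here');
  const min = parse(range.slice(1));
  const v = parse(version);
  if (cmp(v, min) < 0) return false;
  if (min[0] !== 0) return v[0] === min[0];
  if (min[1] !== 0) return v[0] === 0 && v[1] === min[1];
  return v[0] === 0 && v[1] === 0 && v[2] === min[2];
}

// Assess one dependency: does the declared range already admit the fixed
// version, and does the version actually resolved (e.g. in package-lock.json)
// include the fix? Field names here are constructed for this example.
function assessDependency({ range, resolved, fixedIn }) {
  return {
    rangeAllowsFix: caretSatisfies(range, fixedIn),
    resolvedIsFixed: cmp(parse(resolved), parse(fixedIn)) >= 0,
  };
}

// Constructed sample: the range from package.json and two lockfile outcomes.
const SAMPLE = { range: '^8.4.27', fixedIn: '8.4.31' };
for (const resolved of ['8.4.27', '8.4.33']) {
  console.log(resolved, assessDependency({ ...SAMPLE, resolved }));
}
```

The useful defender's question is therefore not "what does package.json say" but "what does the lockfile resolve to"; an old lockfile can keep an unfixed version pinned even when the range permits the fix.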
Hi,
I was running some vulnerability checks on sanitize-html and saw you're using postcss@8.4.27, which has CVE-2023-44270. The vulnerability is fixed on 8.4.31 but the latest is 8.4.33. Wondering if you have any plans to adapt the new version. Thanks