V4 postcss vulnerability

bholloway / resolve-url-loader

Webpack loader that resolves relative paths in url() statements based on the original source file

563 stars 72 forks source link

V4 postcss vulnerability #238

Open jeran-urban opened 2 months ago

jeran-urban commented 2 months ago

hello,

the postcss package has vulnerabilities below version 8.4.31, is there anyway that you can update the dependency for postcss from ^7.0.35 to ^8.4.31 and backport that to create a v 4.0.1? Any help would be much appreciated. Thank you.

jeran-urban commented 2 months ago

current workaround in package.json:

"overrides": {
    "resolve-url-loader":{
      "postcss": "^8.4.31"
    }
  }