search

constverum / stylelint-config-rational-order

Stylelint config that sorts related property declarations by grouping together in the rational order :vertical_traffic_light:
Apache License 2.0
449 stars 53 forks source link

Update stylelint version to fix vulnerabilities #39

Open doasync opened 4 years ago

doasync commented 4 years ago 
yarn audit v1.22.4
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ low           │ Prototype Pollution                                          │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=13.1.2 <14.0.0 || >=15.0.1 <16.0.0 || >=18.1.2             │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ stylelint-config-rational-order                              │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ stylelint-config-rational-order > stylelint > meow >         │
│               │ yargs-parser                                                 │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://www.npmjs.com/advisories/1500                        │
└───────────────┴──────────────────────────────────────────────────────────────┘
fsmaia commented 2 years ago

This lib also has a vulnerability on glob-parent, which can be solved by updating stylelint version.

kamilkazmierczakMtab commented 2 years ago

along with trim and trim-newlines