Closed Sammii closed 2 years ago
Hi @Sammii thanks for raising this issue. We'll look into this issue, however, as post css is used at build time - I don't think this vulnerability poses much danger.
If you are having problems with create-contentful-extension
I'd encourage you to instead try using create contentful app which is what we suggest you when working with Contentful's app framework
htmlnano
< 1.0.0 has a transitive security vulnerability frompostcss
. Details about the security vulnerability: https://github.com/advisories/GHSA-hwj9-h5mp-3pm3htmlnano
upgraded their dependency to the patched version in: https://github.com/posthtml/htmlnano/commit/f05c7806839fd1cb7141b75b6e844091a859843a (purgecss
updated their dependency starting in v3.1.0, see https://github.com/FullHuman/purgecss/commit/72302ffa475a2f74af4211c5a3caa70f2de4abfd)Please upgrade the
htmlnano
dependency to v1.0.0 or higher.