Closed zmagauina-fn closed 2 years ago
npm actually now reports 2 security vulnerabilities related to postcss-extend-rule due to the outdated PostCSS dependency. The issue is patched in PostCSS >= 8.2.10. Here is some more info:
Regular Expression Denial of Service postcss-extend-rule > postcss postcss-extend-rule > postcss-nesting > postcss https://npmjs.com/advisories/1693
This was released as 4.0.0
Postcss 8 is out, this is its migration guide. Are there any plans to update this?