PostCSS vulnerability - update package

erbelion / vite-plugin-laravel-purgecss

A Vite plugin that integrates PurgeCSS with Laravel template assets. Apart from Blade, it also supports frontend frameworks such as Svelte, Vue, React and Angular. It works well with Inertia.

MIT License

26 stars 4 forks source link

PostCSS vulnerability - update package #7

Closed kamilchojnicki closed 11 months ago

kamilchojnicki commented 11 months ago

The package uses PostCSS <8.4.31 as a dependency which has a vulnerability. Therefore Snaky.io reports a security concern. The information about it can be found there: https://security.snyk.io/vuln/SNYK-JS-POSTCSS-5926692

Please update the dependent packages that use postCSS to one that uses postCSS 8.4.31 or higher. It would also be great if you could update other packages as well.

Thank you

erbelion commented 11 months ago

thanks for letting know, i'll update everything in about a week

erbelion commented 11 months ago

@kamilchojnicki fixed in 0.2.3

remember to also upgrade postcss in your project after upgrading vite-plugin-laravel-purgecss