search

iunteq / tailwindcss-textshadow

A Utility Plugins for controlling Text Shadow of an element.
MIT License
76 stars 8 forks source link

Wondering if the dependencies will be upgraded for this plugin? #8

Open sgrobert opened 2 years ago

sgrobert commented 2 years ago

Hi there,

Though this is not a critical concern, I am just wondering whether there will be updates to the dependencies libraries for this plugin since Tailwindcss has successfully moved to v3 with updates to dependencies such as autoprefixer, postcss, purgecss, etc.

# npm audit report

postcss  <=8.2.12
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
No fix available
node_modules/postcss-functions/node_modules/postcss
node_modules/tailwindcss-textshadow/node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/tailwindcss-textshadow/node_modules/postcss
node_modules/tailwindcss-textshadow/node_modules/purgecss/node_modules/postcss
  @fullhuman/postcss-purgecss  2.0.3 - 3.0.0
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of purgecss
  node_modules/tailwindcss-textshadow/node_modules/@fullhuman/postcss-purgecss
    tailwindcss  0.1.0 - 2.2.0-canary.16
    Depends on vulnerable versions of @fullhuman/postcss-purgecss
    Depends on vulnerable versions of autoprefixer
    Depends on vulnerable versions of postcss
    Depends on vulnerable versions of postcss-functions
    Depends on vulnerable versions of postcss-nested
    node_modules/tailwindcss-textshadow/node_modules/tailwindcss
      tailwindcss-textshadow  *
      Depends on vulnerable versions of tailwindcss
      node_modules/tailwindcss-textshadow
  autoprefixer  1.0.20131222 - 9.8.8
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/autoprefixer
  postcss-functions  <=3.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-functions
  postcss-js  <=2.0.3
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/postcss-js
  postcss-nested  <=4.2.3
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/postcss-nested
  purgecss  2.0.1-beta.0 - 3.0.0
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/purgecss

9 moderate severity vulnerabilities

Looking forward to the potential update if it is in the pipeline.

Cheers!

tycrek commented 1 year ago

I forked the project and updated the dependencies since I also wanted to clear those warnings. Can find it here: https://github.com/TinyCreek/tailwindcss-textshadow