jescalan / autoprefixer-stylus

[UNMAINTAINED] Autoprefixer for stylus

Update postcss dependency because of vulnerability #195

Open borriglione opened 2 years ago

borriglione commented 2 years ago

```
npm audit

postcss  7.0.0 - 7.0.35
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
fix available via `npm audit fix --force`
Will install autoprefixer-stylus@0.14.0, which is a breaking change
node_modules/postcss
  autoprefixer-stylus  >=1.0.0
  Depends on vulnerable versions of postcss
  node_modules/autoprefixer-stylus
```

borriglione commented 2 years ago

I found this open PR https://github.com/jescalan/autoprefixer-stylus/pull/193 now and agree it seems not to be a real vulnerability. Anyway, it would be nice to keep in sync with the latest postcss changes.