jonkemp / inline-css

Inline css into an html file.
MIT License
429 stars 85 forks

Migrate from superagent to axios #127

Closed codeshake closed 7 months ago

codeshake commented 9 months ago

Hi! I've tried to import inline-css into our project, but I've had a few problems with Vite.

I can't make a bundle by importing inline-css into it. extract-css uses an old superagent -> vm2, which tries to load bridge.js (and other scripts) dynamically: yep, it loads files via fs-require 🫤

Here, Axios is the better solution.

Also, we cannot pass a CI security test.

npm audit
# npm audit report

vm2  *
Severity: critical
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-cchq-frgv-rjh5
vm2 Sandbox Escape vulnerability - https://github.com/advisories/GHSA-g644-9gfx-q4q4
fix available via `npm audit fix --force`
Will install inline-css@3.0.0, which is a breaking change
node_modules/vm2
  degenerator  3.0.0 - 4.0.4
  Depends on vulnerable versions of vm2
  node_modules/degenerator
    pac-resolver  5.0.0 - 6.0.2
    Depends on vulnerable versions of degenerator
    node_modules/pac-resolver
      pac-proxy-agent  5.0.0 - 6.0.4
      Depends on vulnerable versions of pac-resolver
      node_modules/pac-proxy-agent
        proxy-agent  5.0.0 - 6.2.2
        Depends on vulnerable versions of pac-proxy-agent
        node_modules/proxy-agent
          superagent-proxy  >=3.0.0
          Depends on vulnerable versions of proxy-agent
          node_modules/superagent-proxy
            remote-content  >=3.0.0
            Depends on vulnerable versions of superagent-proxy
            node_modules/remote-content
              href-content  >=2.0.1
              Depends on vulnerable versions of remote-content
              node_modules/href-content
                extract-css  >=2.0.1
                Depends on vulnerable versions of href-content
                node_modules/extract-css
                  inline-css  >=4.0.0
                  Depends on vulnerable versions of extract-css
                  node_modules/inline-css

10 critical severity vulnerabilities

All tests (63) passed with proxies too.
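
An added example, not part of the pull request or of inline-css: walking an npm lockfile (`packages` map, lockfile v2/v3) to list every dependency chain that pulls in a flagged package, which is how the chain in the audit report above can be confirmed before and after a dependency swap. The lockfile is constructed (package names from the report, no versions), and `buildSampleLock`, `resolveDep` and `findPaths` are hypothetical helper names.

```javascript
// Constructed sample: package names follow the audit report, versions omitted.
const chain = ["inline-css", "extract-css", "href-content", "remote-content",
  "superagent-proxy", "proxy-agent", "pac-proxy-agent", "pac-resolver",
  "degenerator", "vm2"];

function buildSampleLock() {
  const packages = { "": { dependencies: { "inline-css": "*", "unrelated-pkg": "*" } } };
  chain.forEach((name, i) => {
    const next = chain[i + 1];
    packages[`node_modules/${name}`] = next ? { dependencies: { [next]: "*" } } : {};
  });
  packages["node_modules/unrelated-pkg"] = {}; // constructed direct dependency
  return { lockfileVersion: 3, packages };
}

// Resolve a dependency the way Node does: the nearest node_modules first,
// then each enclosing package up to the project root.
function resolveDep(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Return every chain of package names leading from the project root to `target`.
function findPaths(lock, target) {
  const packages = lock.packages, results = [];
  const nameOf = (p) => p.slice(p.lastIndexOf("node_modules/") + 13);
  const walk = (path, trail, onTrail) => {
    const pkg = packages[path] || {};
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
      ...(path === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const resolved = resolveDep(packages, path, dep);
      if (!resolved || onTrail.has(resolved)) continue; // not installed, or a cycle
      const nextTrail = [...trail, nameOf(resolved)];
      if (dep === target) { results.push(nextTrail); continue; }
      walk(resolved, nextTrail, new Set(onTrail).add(resolved));
    }
  };
  walk("", [], new Set([""]));
  return results;
}

console.log(findPaths(buildSampleLock(), "vm2").map((p) => p.join(" > ")).join("\n"));
```

An empty result for the flagged package after regenerating the lockfile means no installed package still requires it.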

jonkemp commented 9 months ago

I think this looks good. It's a busy time for many right now, but I will do my best to merge this and release it as soon as I can.

In the future, please read and follow the contributing guidelines. Thank you.

https://github.com/jonkemp/inline-css/blob/master/CONTRIBUTING.md

soknifedev commented 7 months ago

Really looking forward to this being merged! Let's push it through! 🌟