Closed jstirnaman closed 2 years ago
postcss-cli only depends on ansi-regex via a development dependency, ava
, so this shouldn't even affect production code. Furthermore, regular expression vulnerabilities wouldn't affect our usage here AFAIK. Closing as wontfix.
CVE-2021-3807 moderate severity Vulnerable versions: < 6.0.1 Patched version: 6.0.1 ansi-regex is vulnerable to Inefficient Regular Expression Complexity