Closed manugarg closed 1 year ago
The current version is already defined with ^
, so what's the point?
Yes, fair enough. I didn't realize it won't be an issue (haven't worked with package.json files before). The fact that postcss-load-config changes their minimum yaml version made me think that postcss-cli would need that too.
Earlier version depends on a yaml version that has a moderate security bug. See the following for more details: https://github.com/advisories/GHSA-f9xv-q969-pqx4