RyanZim
commented
1 year ago The current version is already defined with ^, so what's the point?
Closed manugarg closed 1 year ago
RyanZim
commented
1 year ago The current version is already defined with ^, so what's the point?
manugarg
commented
1 year ago Yes, fair enough. I didn't realize it won't be an issue (haven't worked with package.json files before). The fact that postcss-load-config changes their minimum yaml version made me think that postcss-cli would need that too.
Earlier version depends on a yaml version that has a moderate security bug. See the following for more details: https://github.com/advisories/GHSA-f9xv-q969-pqx4