postcss / postcss-js

PostCSS for React Inline Styles, Free Style and other CSS-in-JS
MIT License

Dependency: Update postcss to 8.2.10 #52

Closed andrew-webster closed 3 years ago

andrew-webster commented 3 years ago

The version of postcss you are using is vulnerable. Please see:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368

Update to v8.2.10

ai commented 3 years ago

postcss-js uses ^8.1.6 as a version requirement for postcss: https://github.com/postcss/postcss-js/blob/main/package.json#L36

^8.1.6 means >= 8.1.6, < 9.0, so it includes 8.2.10. So we do not need to change postcss-js.

You need to update deep dependencies with yarn upgrade or npm upgrade.
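
The range check and the deep-dependency point from the reply above, as an added example that is not part of the thread or of postcss-js. It assumes an npm lockfile with a `packages` map (lockfileVersion 2 or 3); the lockfile excerpt, the `demo-app` and `some-plugin` names, and the helper function names are constructed for illustration.

```javascript
// Added example: constructed data and hypothetical helper names, not postcss-js code.
const FIXED = "8.2.10"; // fixed release named in the issue

// Parse "MAJOR.MINOR.PATCH" into numbers (prerelease tags are out of scope here).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Returns <0, 0 or >0, comparing numerically field by field (so 8.2.10 > 8.2.9).
function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Caret range: at or above the base, below the next bump of the leftmost non-zero field.
function caretAllows(range, version) {
  if (!range.startsWith("^")) throw new Error(`not a caret range: ${range}`);
  const base = range.slice(1);
  const [maj, min, pat] = parse(base);
  const upper = maj > 0 ? `${maj + 1}.0.0` : min > 0 ? `0.${min + 1}.0` : `0.0.${pat + 1}`;
  return compare(version, base) >= 0 && compare(version, upper) < 0;
}

// List every installed copy of `name` in the lockfile that is older than `fixed`.
function staleCopies(lock, name, fixed) {
  return Object.entries(lock.packages)
    .filter(([path]) => path === `node_modules/${name}` || path.endsWith(`/node_modules/${name}`))
    .filter(([, pkg]) => compare(pkg.version, fixed) < 0)
    .map(([path, pkg]) => `${path}@${pkg.version}`);
}

// Constructed lockfile excerpt: top-level copy already updated, one nested copy still old.
const lock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app" },
    "node_modules/postcss": { version: "8.2.10" },
    "node_modules/postcss-js": { version: "0.0.0", dependencies: { postcss: "^8.1.6" } },
    "node_modules/some-plugin/node_modules/postcss": { version: "8.1.6" },
  },
};

console.log(caretAllows("^8.1.6", FIXED)); // the manifest range already admits the fix
console.log(staleCopies(lock, "postcss", FIXED)); // copies the lockfile still pins below it
```

A non-empty result from `staleCopies` means the lockfile, not the `package.json` range, is what holds the old version in place.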