Closed andrew-webster closed 3 years ago
postcss-js
uses ^8.1.6
as a version requirement for postcss
https://github.com/postcss/postcss-js/blob/main/package.json#L36
^8.1.6
means >= 8.1.6, < 9.0
, so it includes 8.2.10
. So we do not need to change postcss-js
.
You need to update deep dependencies by yarn upgrade
or npm upgrade
.
The version of postcss you are using is vulnerable. Please see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23368
Update to v8.2.10