postcss / postcss-load-config

Autoload Config for PostCSS
MIT License

Vulnerability : Update yaml to v2.2.2 #243

Closed Neogeekmo closed 1 year ago

Neogeekmo commented 1 year ago

Details

Hello,

Snyk is reporting a security issue on package yaml, which is part of your dependencies:

─┬ postcss-load-config@4.0.1 
 └── yaml@2.2.1

Error (Logs|Stacks)

no logs

Reproduction (Code)

Do npm ls yaml and it will print:

─┬ postcss-load-config@4.0.1 
 └── yaml@2.2.1

Environment

OS: Linux 5.15 Debian GNU/Linux 11 (bullseye) 11 (bullseye)
node: 18.15.0
npm/yarn: I use PNPM: 8.1.0 but npm: 9.5.0 / yarn: 1.22.19
package: postcss-load-config@4.0.1 / postcss@8.4.21

ai commented 1 year ago

We are using ^ for yaml dependency.

Just update nested dependencies. For example, by pnpm update -R yaml

KTibow commented 1 year ago

nvm I'm stupid, I needed to delete my package-lock and reinstall for some reason
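
The situation in this thread (a caret range that permits the fixed release while a lockfile still pins yaml@2.2.1), as an added example that is not from the issue or the project: a Node.js check that lists every copy of a package recorded in an npm package-lock.json (lockfileVersion 2 or 3) that is older than a fixed version. The sample lockfile is constructed, the function names are hypothetical, and plain x.y.z versions are assumed.

```javascript
// Fixed release named in the issue title.
const FIXED_VERSION = "2.2.2";

// Compare two x.y.z versions numerically; returns <0, 0 or >0.
// Assumption: prerelease/build suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return diff;
  }
  return 0;
}

// Walk the lockfile "packages" map and return every installed copy of
// `name` (hoisted or nested under another package) older than `fixed`.
function findStaleCopies(lock, name, fixed) {
  const suffix = "node_modules/" + name;
  const stale = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isTarget = path === suffix || path.endsWith("/" + suffix);
    if (!isTarget || !meta.version) continue;
    if (compareVersions(meta.version, fixed) < 0) {
      stale.push({ path, version: meta.version });
    }
  }
  return stale;
}

// Constructed sample: one nested copy still pinned to the old release,
// one hoisted copy already updated, one unrelated scoped package.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/postcss-load-config": { version: "4.0.1" },
    "node_modules/postcss-load-config/node_modules/yaml": { version: "2.2.1" },
    "node_modules/yaml": { version: "2.2.2" },
    "node_modules/@example/yaml": { version: "1.0.0" },
  },
};

for (const hit of findStaleCopies(sampleLock, "yaml", FIXED_VERSION)) {
  console.log(`${hit.path} is pinned to ${hit.version}, below ${FIXED_VERSION}`);
}
```

To check a real project, pass the parsed contents of its package-lock.json instead of the sample object.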