I've noticed the security issues and one of them is with lodash, which
we pull in via uncss. gulp-uncss brings in an old version of uncss
and is no longer maintained; the recommendation is to use gulp-postcss
instead. gulp-postcss seemed too complex for what we're trying to do
here. So I opted to use purgecss via gulp-purgecss. The resulting
CSS is not as small as the one done with uncss: 57870 (purgecss) vs
45405 (uncss) bytes. But who's splitting hairs, seems to work and we
no longer depend on a vulnerable version of lodash.
@kahboom WDYT?