Closed bot2x closed 4 months ago
You can run npm audit fix to address this in your project. Nothing in Tailwind CSS requires an earlier version and if you perform a fresh install of the latest version you'll get v3.0.3 of braces:
I use yarn as a package manager. But yarn doesn't provide an audit command, so I solved it in the following way:
npm i --package-lock-only
npm audit fix
rm yarn.lock
yarn import # or yarn install
rm package-lock.json
What version of Tailwind CSS are you using?
For example: v3.4.3
What build tool (or framework if it abstracts the build tool) are you using?
For example: next@14.1.4, postcss@8.4.38
Describe your issue
My npm audit reported:
braces <3.0.3
Severity: high
Uncontrolled resource consumption in braces - https://github.com/advisories/GHSA-grv7-fg5c-xmjg
Result of "npm ls braces":
└─┬ tailwindcss@3.4.3
  ├─┬ chokidar@3.6.0
  │ └── braces@3.0.2
  └─┬ micromatch@4.0.5
    └── braces@3.0.2 deduped
Checked the version 3.4.4 which still uses braces 3.0.2.
As per this, the issue is noticed in versions prior to 3.0.3. Also, this has fixed the issue in braces 3.0.3
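One way to confirm the outcome of the steps discussed in this thread, as an added example that is not part of the original issue or of Tailwind CSS: it scans the "packages" map of a package-lock.json (lockfileVersion 2 or 3) for copies of braces below 3.0.3. Both lockfile objects are constructed samples, and some-tool is a hypothetical package.

```javascript
// Added example: list lockfile entries of a package that are below a fixed version.

// Compare plain x.y.z versions numerically; pre-release suffixes are ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Keys of lock.packages look like "node_modules/a/node_modules/braces";
// the package name is whatever follows the last "node_modules/".
function findBelow(lock, name, fixedVersion) {
  const marker = 'node_modules/';
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // "" is the root project entry
    if (path.slice(idx + marker.length) !== name) continue;
    if (meta.version && compareVersions(meta.version, fixedVersion) < 0) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample: the tree from "npm ls braces" above, plus a nested copy
// under a hypothetical package and a similarly named package that must not match.
const lockBefore = { lockfileVersion: 3, packages: {
  '': { name: 'app' },
  'node_modules/tailwindcss': { version: '3.4.3' },
  'node_modules/chokidar': { version: '3.6.0' },
  'node_modules/micromatch': { version: '4.0.5' },
  'node_modules/braces': { version: '3.0.2' },
  'node_modules/brace-expansion': { version: '2.0.1' },
  'node_modules/some-tool/node_modules/braces': { version: '2.3.2' },
} };

// Constructed sample of the same lockfile after the fix.
const lockAfter = { lockfileVersion: 3, packages: {
  ...lockBefore.packages,
  'node_modules/braces': { version: '3.0.3' },
  'node_modules/some-tool/node_modules/braces': { version: '3.0.3' },
} };

for (const [label, lock] of [['before', lockBefore], ['after', lockAfter]]) {
  console.log(label, findBelow(lock, 'braces', '3.0.3'));
}
```

To check a real project, pass the parsed contents of its package-lock.json as the first argument; the comparison is numeric per component, so 3.0.10 is correctly treated as newer than 3.0.3.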