vuejs / component-compiler-utils

Lower level utilities for compiling Vue single file components
321 stars 75 forks source link

CVE-2023-44270 on package dependencies #136

Open BulatSa opened 11 months ago

BulatSa commented 11 months ago

Hello, i have alert from scanning about dependencie postcss. component-compiler-utils use "postcss": "^7.0.36", but "id":"CVE-2023-44270","package":"postcss","version":"7.0.39","fix_version":"8.4.31","severity":"Medium"

Please update to postcss@8.4.31

KonRatt commented 11 months ago

See also #122

planetchili commented 11 months ago

Seconding this request

3zzy commented 11 months ago

+1

brock-rb2t commented 10 months ago

samsies. seconding this

SebasAnasco1517 commented 10 months ago

Seconding the request. Is this project still maintained?

g-scalvini commented 8 months ago

Any update regarding this issue? Over 3 months are passed...

Gabrieltrinidad0101 commented 7 months ago

+1

waruyama commented 5 months ago

I would be really nice to have this one final update. All other subpackages of @vue/cli-service@5.0.8 are using the newer postcss version 8.4.31.

Updating the version of postcss in package.json and releasing a new minor version would make quite a few maintainers of legacy Vue apps happy. `

kly-htun commented 2 months ago

Hello, Any update package yet? Seconding this request

mikkowsx commented 1 month ago

Any updates? Seconding this...