New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update postcss #44
Comments
We don't actually include postcss as a dependency, so there's nothing for us to update here. postcss is listed as a peer dependency, meaning that the plugin will work for any version you pair it with, as long as it's within the same semver range (which happens to be 8.0.0 and up). Also, how does the PR relate to your request? |
The PR Fixed a Regular Expression Denial of Service. See https://www.npmjs.com/advisories/1693 If I understand it correctly, package-lock.json sets the dependency to a fixed version. The dependabot has also changed the dependency as in #43. |
You seem to be under a misapprehension of how |
Learned something again. Sorry for the issue and thanks for the explanation. |
Please Update postcss/postcss to the newest version (8.2.15).
postcss/postcss#1567
The text was updated successfully, but these errors were encountered: