upgrade dependencies in order to avoid vulnerabilities

[mykola-shkut]

after yarn audit I have 7 notification regarding vulnerabilities from postcss

could you fix it?

[hudochenkov]

It will be fixed once we migrate to PostCSS 8 #4942

[MaxKoldun]

It will be fixed once we migrate to PostCSS 8 #4942

Hi @hudochenkov, when are you going to migrate? I have the same problem.

[hudochenkov]

It's unknown. Because it's a lot of work. We need to migrate 200+ PostCSS plugins (every rule is PostCSS plugin). Help is always welcome.

[mykola-shkut]

fixed by this modufications

I'm not sure that this is right
but works for me )

[MaxKoldun]

It does not work with npm v7.10.0

[RopoMen]

Hi,

It's unknown. Because it's a lot of work. We need to migrate 200+ PostCSS plugins (every rule is PostCSS plugin). Help is always welcome.

Could you define the "core" plugins that needs to be migrated to postcss8. And then make new release from stylelint. And after that migrate "not so core" plugins to support postcss8?

[jeddy3]

And then make new release from stylelint. And after that migrate "not so core" plugins to support postcss8?

That's the plan.

It can be confusing because both Stylelint's built-in rules and plugins are PostCSS plugins behind the scenes.

We can release once all the 200+ built-in rules are migrated to PostCSS 8. The community members can then migrate their plugins. As @hudochenkov said, #4942 is the issue for this migration. It is currently blocked by #5297 (see the discussion in #5289), but will be unblocked soon.

Please consider contributing to any of the issues in the 14.0.0 tracking issues (#5205 (comment)). This is everything we need to do before releasing 14.0.0.