Postcss vulnerability
wesleimarinho opened this issue · comments
I noticed a clean uninstall and install of the santiize-html fixes the vulnerability report.
Do you think we could reopen this one?
Snyk reports it as an issue down the dependency chain where https://github.com/Vannsl/vue-3-sanitize uses it and then I use vue3-sanitize. I'm not 100% on how yarn or Snyk determine which versions to use but explicitly setting this as > 8.4.25
in the root of the problem would surely help?
snyk looks at what's in your package-lock.json. npm update
your project.
Thanks @boutell I've tried a yarn upgrade
to update the yarn.lock
file but it didn't seem to fix it. I'll give it another go :(