Postcss vulnerability

Question

Postcss vulnerability

wesleimarinho opened this issue 7 months ago · comments

Weslei A. de T. Marinho commented 7 months ago

When using this package, npm audit reports a vulnerability with Postcss:

Weslei A. de T. Marinho · Answer 1 · Mon Nov 06 2023 21:42:43 GMT+0800 (China Standard Time)

I noticed a clean uninstall and install of the santiize-html fixes the vulnerability report.

David Harper · Answer 2 · Fri Nov 17 2023 20:39:18 GMT+0800 (China Standard Time)

Do you think we could reopen this one?

Snyk reports it as an issue down the dependency chain where https://github.com/Vannsl/vue-3-sanitize uses it and then I use vue3-sanitize. I'm not 100% on how yarn or Snyk determine which versions to use but explicitly setting this as > 8.4.25 in the root of the problem would surely help?

Tom Boutell · Answer 3 · Sat Nov 18 2023 00:10:51 GMT+0800 (China Standard Time)

snyk looks at what's in your package-lock.json. npm update your project.

David Harper · Answer 4 · Sat Nov 18 2023 00:23:51 GMT+0800 (China Standard Time)

Thanks @boutell I've tried a yarn upgrade to update the yarn.lock file but it didn't seem to fix it. I'll give it another go :(