Update postcss
suharelli opened this issue
Evgeny Sukharnikov commented
Current version used by sanitize-html has vulnerabilities.
Robert Means commented
Hi @suharelli
If you look again at package.json you'll see this is a semver (Semantic Versioning) rule. The "^" means "at least" that version, e.g. it will install the newest in the 8.x series. It does not install that specific version. We do not update package.json every time a dependency releases an update, as long as the semantic versioning rule is correct.
Thanks,
Bob