PostCSS Upgrade
shamikulamin opened this issue · comments
The issue is in a transitive dependency. I need stylelint and stylelint-order to cut new releases that update their postcss version to >=8.2.10
stylelint@13.13.1 requires postcss@^7.0.32 via autoprefixer@9.8.6
stylelint@13.13.1 requires postcss@^7.0.14 via postcss-less@3.1.4
stylelint@13.13.1 requires postcss@^7.0.26 via postcss-safe-parser@4.0.2
stylelint@13.13.1 requires postcss@^7.0.21 via postcss-sass@0.4.4
stylelint@13.13.1 requires postcss@^7.0.6 via postcss-scss@2.1.1
stylelint@13.13.1 requires postcss@^7.0.2 via sugarss@2.0.0
stylelint@13.13.1 requires postcss@^7.0.35
stylelint-order@4.1.0 requires postcss@^7.0.17 via postcss-sorting@5.0.1
stylelint-order@4.1.0 requires postcss@^7.0.31
More info on the postcss upgrade in stylelint can be found here: stylelint/stylelint#4942 (comment)
PostCSS v7 was released with back-port of ReDoS fix. So stylelint users on current version of stylelint should see warning go away after running npm audit fix (it could take few days until npm audit will know about the fix).
This should be resolved in v8.0.0 and the soon to be released v9.0.0 versions of this project.