Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] Upgrade postcss to 8.2.10 or later #3251

Closed
wants to merge 1 commit into from

Conversation

kantuni
Copy link
Collaborator

@kantuni kantuni commented May 11, 2021

Details: CVE-2021-23368

@kantuni kantuni requested a review from a team May 11, 2021 18:37
@kantuni
Copy link
Collaborator Author

kantuni commented May 12, 2021

There is an open issue in CRA. Once that's resolved, the problem with the build will be gone.

@stale
Copy link

stale bot commented May 26, 2021

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label May 26, 2021
@stale stale bot closed this May 27, 2021
@kantuni kantuni reopened this May 31, 2021
@stale stale bot removed the stale label May 31, 2021
@stale
Copy link

stale bot commented Jun 14, 2021

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jun 14, 2021
@stale stale bot closed this Jun 15, 2021
@kmcgrady kmcgrady reopened this Jun 15, 2021
@stale stale bot removed the stale label Jun 15, 2021
@kajarenc
Copy link
Collaborator

kajarenc commented Jul 1, 2021

CRA promises that this will be fixed with CRA 4.1 "very soon"
facebook/create-react-app#9664 (comment)

@kantuni kantuni changed the title [Security] Upgrade postcss to 8.2.10 or later [Security] Upgrade postcss to 8.2.10 or later Sep 24, 2021
@kmcgrady
Copy link
Collaborator

closing this as stale for now. We should do an update of important dependabots on a regular cadence. Working with security on this.

@kmcgrady kmcgrady closed this Dec 27, 2021
@vdonato vdonato deleted the security/postcss branch June 2, 2023 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants