Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2023-44270 on package dependencies #136

Open
BulatSa opened this issue Nov 20, 2023 · 10 comments
Open

CVE-2023-44270 on package dependencies #136

BulatSa opened this issue Nov 20, 2023 · 10 comments

Comments

@BulatSa
Copy link

BulatSa commented Nov 20, 2023

Hello, i have alert from scanning about dependencie postcss.
component-compiler-utils use "postcss": "^7.0.36", but
"id":"CVE-2023-44270","package":"postcss","version":"7.0.39","fix_version":"8.4.31","severity":"Medium"

Please update to postcss@8.4.31
@KonRatt
Copy link

KonRatt commented Nov 22, 2023

See also #122

@planetchili
Copy link

Seconding this request

@3zzy
Copy link

3zzy commented Dec 8, 2023

+1

@brock-rb2t
Copy link

samsies. seconding this

@SebasAnasco1517
Copy link

Seconding the request. Is this project still maintained?

@g-scalvini
Copy link

g-scalvini commented Mar 5, 2024
edited
Loading

Any update regarding this issue? Over 3 months are passed...

@evanwills evanwills mentioned this issue Mar 18, 2024
Open
@Gabrieltrinidad0101

This comment was marked as duplicate.

Sign in to view
@waruyama
Copy link

waruyama commented Jun 5, 2024

I would be really nice to have this one final update. All other subpackages of @vue/cli-service@5.0.8 are using the newer postcss version 8.4.31.

Updating the version of postcss in package.json and releasing a new minor version would make quite a few maintainers of legacy Vue apps happy.
`

@kly-htun
Copy link

Hello, Any update package yet?
Seconding this request

@mikkowsx
Copy link

Any updates? Seconding this...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests