Skip to content

Commit de63d72

Browse files
committed
fix(deps): bump postcss to >=8.5.10 and patch brace-expansion (clear audit)
Resolves Dependabot GHSA-qx2v-qp2m-jg93 (postcss <8.5.10, CSS stringify XSS; build-time devDependency) by raising the floor to ^8.5.10 (resolves to 8.5.15). npm audit fix also patched a transitive brace-expansion ReDoS (GHSA-f886-m6hf-6m8v). npm audit now reports 0 vulnerabilities. 174 unit tests pass, production build clean.
1 parent 0c206bf commit de63d72

2 files changed

Lines changed: 12 additions & 12 deletions

File tree

package-lock.json

Lines changed: 11 additions & 11 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@
3030
"@vitest/coverage-v8": "^4.1.1",
3131
"autoprefixer": "^10.4.17",
3232
"eslint": "^8.57.0",
33-
"postcss": "^8.4.35",
33+
"postcss": "^8.5.10",
3434
"tailwindcss": "^3.4.1",
3535
"vite": "^8.0.5",
3636
"vitest": "^4.1.1"

0 commit comments

Comments
 (0)