PXG-1351: fix moderate security vulnerability in postcss by upgrading stylelint by hanllo · Pull Request #151 · ourfuturehealth/design-system-toolkit

hanllo · 2025-04-15T14:56:22Z

Fixes last moderate vulnerability according to npm audit:

postcss  <8.4.31
Severity: moderate
PostCSS line return parsing error - https://github.com/advisories/GHSA-7fh5-64p2-3v2j
fix available via `npm audit fix --force`
Will install stylelint-order@6.0.4, which is a breaking change
node_modules/postcss
  autoprefixer  1.0.20131222 - 9.8.8
  Depends on vulnerable versions of postcss
  node_modules/autoprefixer
    stylelint  0.1.0 - 13.13.1
    Depends on vulnerable versions of autoprefixer
    Depends on vulnerable versions of postcss
    Depends on vulnerable versions of postcss-less
    Depends on vulnerable versions of postcss-safe-parser
    Depends on vulnerable versions of postcss-sass
    Depends on vulnerable versions of postcss-scss
    Depends on vulnerable versions of sugarss
    node_modules/stylelint
      stylelint-order  <=4.1.0
      Depends on vulnerable versions of postcss
      Depends on vulnerable versions of postcss-sorting
      Depends on vulnerable versions of stylelint
      node_modules/stylelint-order
      stylelint-scss  0.0.0-alpha.1 || 1.0.0 - 3.21.0
      Depends on vulnerable versions of stylelint
      node_modules/stylelint-scss
  postcss-less  <=3.1.4
  Depends on vulnerable versions of postcss
  node_modules/postcss-less
  postcss-safe-parser  <=4.0.2
  Depends on vulnerable versions of postcss
  node_modules/postcss-safe-parser
  postcss-sass  <=0.4.4
  Depends on vulnerable versions of postcss
  node_modules/postcss-sass
  postcss-scss  <=2.1.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-scss
  postcss-sorting  <=5.0.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-sorting
  sugarss  <=2.0.0
  Depends on vulnerable versions of postcss
  node_modules/sugarss

Achieved by upgrading stylelint one major version which then needed a lot of little lint fixes
Majority of changes are simple whitespace changes
Some more interesting ones:
- changing if $something == null to if not $something: https://github.com/stylelint-scss/stylelint-scss/blob/master/src/rules/at-if-no-null/README.md
- preferring shorthand for border-radius and padding properties: https://stylelint.io/user-guide/rules/declaration-block-no-redundant-longhand-properties/
Changes from .stylelintrc to stylelint.config.js as it is preferred

netlify · 2025-04-15T14:56:41Z

✅ Deploy Preview for ofh-design-system-docs ready!

Name	Link
🔨 Latest commit	`49f1909`
🔍 Latest deploy log	https://app.netlify.com/sites/ofh-design-system-docs/deploys/67fe792f30d21800089f9088
😎 Deploy Preview	https://deploy-preview-151--ofh-design-system-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

hanllo changed the title ~~Pxg 1351 fix high security vulnerabilities in design system toolkit 2~~ PXG-1351: fix moderate security vulnerability in postcss by upgrading stylelint Apr 15, 2025

hanllo added 25 commits April 15, 2025 16:19

Upgrade stylelint

fb46d31

Fix max-empty-lines

06a4d7c

Fix color-hex-length

330cdc3

Fix comment-empty-line-before

bf57d16

Fix no-empty-first-line

33ee337

Fix no-extra-semicolons

1c66750

Fix scss/at-if-no-null

89ede97

Fix declaration-empty-line-before

b956bff

Fix rule-empty-line-before

7375d60

Fix block-closing-brace-empty-line-before

d2eb1e1

Fix selector-combinator-space-before

44166a4

Fix declaration-block-semicolon-space-before

adc4e48

Fix no-invalid-position-at-import-rule

b5ae101

Fix scss/dollar-variable-colon-space-after

43b3e75

Fix at-rule-empty-line-before

486b4e8

Fix scss/at-rule-conditional-no-parentheses

96f3712

Fix scss/double-slash-comment-empty-line-before

0adc60c

Fix scss/dollar-variable-empty-line-before

78ffd42

Fix scss/at-if-closing-brace-newline-after

fcdfa31

Fix color-function-notation

79c62ce

scss/double-slash-comment-whitespace-inside

f0e1223

Fix selector-pseudo-element-colon-notation

8d80823

Fix color-hex-case

4f85c0d

Fix declaration-block-no-redundant-longhand-properties

cb9b8f1

Fix max-line-length

49f1909

hanllo force-pushed the PXG-1351-fix-high-security-vulnerabilities-in-design-system-toolkit-2 branch from 16d4181 to 49f1909 Compare April 15, 2025 15:20

hanllo marked this pull request as ready for review April 15, 2025 15:23

Raymond-Ly approved these changes Apr 16, 2025

View reviewed changes

hanllo merged commit d010336 into main Apr 16, 2025
5 checks passed

hanllo deleted the PXG-1351-fix-high-security-vulnerabilities-in-design-system-toolkit-2 branch April 16, 2025 10:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

PXG-1351: fix moderate security vulnerability in postcss by upgrading stylelint#151

PXG-1351: fix moderate security vulnerability in postcss by upgrading stylelint#151
hanllo merged 25 commits intomainfrom
PXG-1351-fix-high-security-vulnerabilities-in-design-system-toolkit-2

hanllo commented Apr 15, 2025 •

edited

Loading

Uh oh!

netlify bot commented Apr 15, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

Conversation

hanllo commented Apr 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

netlify bot commented Apr 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ Deploy Preview for ofh-design-system-docs ready!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

hanllo commented Apr 15, 2025 •

edited

Loading

netlify bot commented Apr 15, 2025 •

edited

Loading