tailwindcss icon indicating copy to clipboard operation
tailwindcss copied to clipboard

Published 20 hours ago verified publisher icon tailwindlabs

Upgrade lilconfig version to enable ESM support

Open thibautsabot opened this issue 1 year ago • 2 comments

This PR https://github.com/tailwindlabs/tailwindcss/pull/12455 was merged last year by a lilconfig maintainer.

However, looking at the merge commit here, only the package-lock.json file was changed, the package.json didn't make it through.

Upgrading to lilconfig v3 allows user to use ESM for importing postcss configs. (For example, when using "type": "module" in package.json)

On this branch, I used the latest version (which includes security patches), alongside a small bump to postcss-load-config.

thibautsabot avatar Jul 20 '24 08:07 thibautsabot

Can I bring this Pull Request up the stack again?

TomTom-Labs avatar Nov 12 '24 07:11 TomTom-Labs

Also, upgrading this, would resolve:

"Versions of the package lilconfig from 3.1.0 and before 3.1.1 are vulnerable to Arbitrary Code Execution due to the insecure usage of eval in the dynamicImport function."

hosemadev avatar Nov 12 '24 07:11 hosemadev

Can we please get this merged? This resolves an error with my project as reported here https://github.com/shellscape/jsx-email/issues/257

shellscape avatar Dec 03 '24 14:12 shellscape

@thibautsabot [email protected] was just released today that contains an important fix for windows absolute paths.

shellscape avatar Dec 03 '24 15:12 shellscape

Closing in favor of #15289

thecrypticace avatar Dec 03 '24 19:12 thecrypticace