component-compiler-utils

CVE-2023-44270 on package dependencies

Open BulatSa opened this issue 2 years ago • 11 comments

Hello, I have an alert from scanning about the dependency postcss. component-compiler-utils uses "postcss": "^7.0.36", but "id":"CVE-2023-44270","package":"postcss","version":"7.0.39","fix_version":"8.4.31","severity":"Medium"

Please update to [email protected]

BulatSa, Nov 20 '23 08:11

See also #122

KonRatt, Nov 22 '23 14:11

Seconding this request

planetchili, Dec 07 '23 03:12

+1

3zzy, Dec 08 '23 06:12

samsies. seconding this

brock-rb2t, Jan 02 '24 21:01

Seconding the request. Is this project still maintained?

SebasAnasco1517, Jan 09 '24 11:01

Any update regarding this issue? Over 3 months have passed...

g-scalvini, Mar 05 '24 08:03

+1

Gabrieltrinidad0101, Apr 09 '24 22:04

It would be really nice to have this one final update. All other subpackages of @vue/[email protected] are using the newer postcss version 8.4.31.

Updating the version of postcss in package.json and releasing a new minor version would make quite a few maintainers of legacy Vue apps happy.

waruyama, Jun 05 '24 11:06

Hello, any package update yet? Seconding this request.

kly-htun, Aug 21 '24 01:08

Any updates? Seconding this...

mikkowsx, Sep 30 '24 15:09

Hi there,

I tried a pull request, #140, for updating postcss to version 8.4.49 as well as migrating plugins from version 7 to 8; it is pending.

Vhivi, Jan 03 '25 16:01