postcss-color-hex-alpha icon indicating copy to clipboard operation
postcss-color-hex-alpha copied to clipboard
verified publisher icon postcss

postcss-values-parser vulnerability

Open mcecode opened this issue 5 years ago • 2 comments

npm-audit

The above npm audit shows when I install postcss-color-hex-alpha@6 so I had to downgrade to v5, it still works but it would be good if I could use the latest version without fear of vulnerabilities.

Searching a bit, it seems postcss-values-parser@3 is the cause and updating it to v4 would fix the issue.

Thanks.

mcecode avatar Nov 25 '20 05:11 mcecode

Looking at the current pull requests, it seems merging #15 would fix this issue.

mcecode avatar Nov 25 '20 05:11 mcecode

@jonathantneal Very likely that this issue doesn’t affect postcss-values-parser, but it will be nice to avoid warning

ai avatar Nov 25 '20 14:11 ai