Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update postcss-load-config #880

Merged
merged 4 commits into from
Jun 16, 2023
Merged

chore: update postcss-load-config #880

merged 4 commits into from
Jun 16, 2023

Conversation

await-ovo
Copy link
Contributor

@await-ovo await-ovo commented Apr 11, 2023
edited
Loading

close #874

Before we update to pnpm v8, specify the pnpm version as v7 in ci.yml

@codesandbox
Copy link

codesandbox bot commented Apr 11, 2023

CodeSandbox logoCodeSandbox logo  Open in CodeSandbox Web Editor | VS Code | VS Code Insiders

@vercel
Copy link

vercel bot commented Apr 11, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
tsup ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 16, 2023 6:15am

@socket-security
Copy link

socket-security bot commented Apr 11, 2023
edited
Loading

👍 Dependency issues cleared. Learn more about Socket for GitHub ↗︎

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

Next steps

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

@await-ovo await-ovo force-pushed the chore-update-postcss-load-config branch from 5d2d646 to 6e199d4 Compare April 11, 2023 02:34
@dominikg
Copy link

fyi: merging this would help avoid/fix an npm audit issue. postcss-load-config@3 depends on yaml@1 which has an active advisory GHSA-f9xv-q969-pqx4
It is fixed in yaml@2.2.2 which can be used via postcss-load-config@4

@bnussman-akamai
Copy link

bnussman-akamai commented May 23, 2023
edited
Loading

Also would like this merged so we can resolve the yaml advisory

@socket-security
Copy link

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages Version New capabilities Transitives1 Size Publisher
postcss-load-config 🆕 4.0.1 None +2 699 kB ai

Footnotes

  1. https://docs.socket.dev

@egoist egoist merged commit 68297f7 into egoist:dev Jun 16, 2023
@github-actions
Copy link
Contributor

🎉 This PR is included in version 7.0.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[postcss] tsup fails if postcss.config.js is es module
4 participants
@await-ovo @dominikg @bnussman-akamai @egoist