Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get rid of postcss 7.x #5417

Open
4 tasks
max-nextcloud opened this issue Feb 26, 2024 · 0 comments
Open
4 tasks

Get rid of postcss 7.x #5417

max-nextcloud opened this issue Feb 26, 2024 · 0 comments
Labels
1. to develop technical debt

Comments

@max-nextcloud
Copy link
Collaborator

max-nextcloud commented Feb 26, 2024
edited
Loading

Describe the bug
https://github.com/nextcloud/text/security/dependabot/42 reports a regexp DOS in postcss 7.x

We actually have conflicting requirements here:

@vue/vue2-jest@29.2.6 requires postcss@^7.0.36 via @vue/component-compiler-utils@3.3.0
@nextcloud/webpack-vue-config@6.0.1 requires postcss@^7.0.36 via a transitive dependency on @vue/component-compiler-utils@3.3.0
vite@5.0.12 requires postcss@^8.4.32
@vitejs/plugin-vue2@2.3.1 requires postcss@^8.4.32 via vite@5.0.12
No patched version available for postcss

So right now we include postcss@7 and postcss@8.

Both requirements of postcss@7 come from @vue/component-compiler-utils@3.3.0 which should not be required anymore since vue 2.7. However we still require it due to the need for vue-loader@15 for using webpack with vue 2.

Looks like this might be the way forward:
@max-nextcloud max-nextcloud added the bug Something isn't working label Feb 26, 2024
@juliusknorr juliusknorr added 1. to develop technical debt and removed bug Something isn't working labels Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1. to develop technical debt
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@juliusknorr @max-nextcloud