Upgrade Sucrase to v3.35.1 in Tailwind CSS v3 to Address glob v10.4.5 Vulnerability #19352
Closed as duplicate of#19327
Description
Tailwind CSS v3 currently depends on Sucrase v3.35.0, which internally uses a vulnerable version of glob (v10.4.5).
The latest Sucrase release (v3.35.1) updates this dependency and replace the vulnerable glob version.
Action Needed:
Update Tailwind CSS dependency chain to use Sucrase v3.35.1.
Verify that the updated version removes the vulnerable glob transitive dependency.
Ensure no breaking changes arise from the upgrade.
Reason:
Sucrase v3.35.0 pulls in glob v10.4.5, which contains known vulnerabilities.
Upgrading Sucrase resolves this issue.