Change: use PR of rework-import that fixed vulnerability

Cj-bc · Cj-bc · commit ad405a71a2d0 · 2020-11-15T13:27:17.000+09:00
Current version of rework-import is depends on 'url-regex', which have high severity vulnerability, and it's recommended to use 'url-regex-safe' instead: CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7661 There're PR for rework-import, which is dependency of this and depends on 'url-regex', to use 'url-regex-safe': reworkcss/rework-import#20 But it's not merged yet (Actually I don't believe it will be merged in the future) so that I directly use his branch to fix it.
diff --git a/package.json b/package.json
@@ -24,7 +24,7 @@
     "parse-import": "^2.0.0",
     "plugin-error": "^0.1.2",
     "rework": "~1.0.0",
-    "rework-import": "^2.0.0",
+    "rework-import": "DullReferenceException/rework-import#security-audit-bump",
     "rework-plugin-url": "^1.0.1",
     "through2": "~1.1.1",
     "vinyl": "^2.1.0"
