Skip to content

fix: upgrade @adobe/css-tools to 4.3.2 to address vulnerability #555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: upgrade @adobe/css-tools to 4.3.2 to address vulnerability #555

wants to merge 1 commit into from

Conversation

@lernerb
Copy link

@lernerb lernerb commented Dec 5, 2023

What:
Per GitHub Advisory (GHSA-prr3-c3m5-p7q2), updating to 4.3.2 for all consumers of this package.

Why:
All consumers would have to do an audit fix and manually override to 4.3.2, this forces it for folks.

How:
Updates the package.json file to force one higher patch version that does not have the security issue.

Checklist:

  • Documentation
  • Tests
  • Updated Type Definitions
  • Ready to be merged

@lernerb
fix: upgrade @adobe/css-tools to 4.3.2 to address vulnerability
993ccec 
Per GitHub Advisory (GHSA-prr3-c3m5-p7q2), updating to 4.3.2 for all consumers of this package.
@lernerb lernerb mentioned this pull request Dec 5, 2023
Merged
4 tasks
@lernerb
Copy link
Author

lernerb commented Dec 5, 2023

Ah looks like someone beat me to this, i'll close this in favor of #553

@lernerb lernerb closed this Dec 5, 2023
@specialdoom specialdoom mentioned this pull request Dec 28, 2023
Merged
5 tasks
@specialdoom specialdoom mentioned this pull request Jan 26, 2024
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lernerb