Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wondering if the dependencies will be upgraded for this plugin? #8

Open
sgrobert opened this issue Jan 15, 2022 · 1 comment
Open

Wondering if the dependencies will be upgraded for this plugin? #8

sgrobert opened this issue Jan 15, 2022 · 1 comment

Comments

@sgrobert
Copy link

Hi there,

Though this is not a critical concern, I am just wondering whether there will be updates to the dependencies libraries for this plugin since Tailwindcss has successfully moved to v3 with updates to dependencies such as autoprefixer, postcss, purgecss, etc.

# npm audit report

postcss  <=8.2.12
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-hwj9-h5mp-3pm3
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
No fix available
node_modules/postcss-functions/node_modules/postcss
node_modules/tailwindcss-textshadow/node_modules/@fullhuman/postcss-purgecss/node_modules/postcss
node_modules/tailwindcss-textshadow/node_modules/postcss
node_modules/tailwindcss-textshadow/node_modules/purgecss/node_modules/postcss
  @fullhuman/postcss-purgecss  2.0.3 - 3.0.0
  Depends on vulnerable versions of postcss
  Depends on vulnerable versions of purgecss
  node_modules/tailwindcss-textshadow/node_modules/@fullhuman/postcss-purgecss
    tailwindcss  0.1.0 - 2.2.0-canary.16
    Depends on vulnerable versions of @fullhuman/postcss-purgecss
    Depends on vulnerable versions of autoprefixer
    Depends on vulnerable versions of postcss
    Depends on vulnerable versions of postcss-functions
    Depends on vulnerable versions of postcss-nested
    node_modules/tailwindcss-textshadow/node_modules/tailwindcss
      tailwindcss-textshadow  *
      Depends on vulnerable versions of tailwindcss
      node_modules/tailwindcss-textshadow
  autoprefixer  1.0.20131222 - 9.8.8
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/autoprefixer
  postcss-functions  <=3.0.0
  Depends on vulnerable versions of postcss
  node_modules/postcss-functions
  postcss-js  <=2.0.3
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/postcss-js
  postcss-nested  <=4.2.3
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/postcss-nested
  purgecss  2.0.1-beta.0 - 3.0.0
  Depends on vulnerable versions of postcss
  node_modules/tailwindcss-textshadow/node_modules/purgecss

9 moderate severity vulnerabilities

Looking forward to the potential update if it is in the pipeline.

Cheers!
@tycrek
Copy link

tycrek commented Mar 27, 2023

I forked the project and updated the dependencies since I also wanted to clear those warnings. Can find it here: https://github.com/TinyCreek/tailwindcss-textshadow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sgrobert @tycrek