Remove @types/stylelint since stylelint has its own types #259

Closed
PodaruDragos opened this issue Jan 13, 2022 · 0 comments · Fixed by #260

PodaruDragos commented Jan 13, 2022

Bug report

Using this plugin will result in Expression Denial of Service in postcss from @types/stylelint.

Actual Behavior

Expression Denial of Service in postcss - GHSA-566m-qj78-rww5

Expected Behavior

no denial of service

How Do We Reproduce?

Just use stylelint-webpack-plugin and you'll get the audit report:

postcss  <8.2.13
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via `npm audit fix --force`
Will install stylelint-webpack-plugin@2.1.1, which is a breaking change
node_modules/@types/stylelint/node_modules/postcss
node_modules/postcss-filter-plugins/node_modules/postcss
node_modules/postcss-icss-keyframes/node_modules/postcss
node_modules/postcss-icss-selectors/node_modules/postcss
  @types/stylelint  9.10.0 - 13.13.3
  Depends on vulnerable versions of postcss
  node_modules/@types/stylelint
    stylelint-webpack-plugin  >=2.2.0
    Depends on vulnerable versions of @types/stylelint
    node_modules/stylelint-webpack-plugin
  icss-utils  <=4.1.1
  Depends on vulnerable versions of postcss
  node_modules/postcss-icss-keyframes/node_modules/icss-utils
  node_modules/postcss-filter-plugins
    typescript-plugin-css-modules  *
    Depends on vulnerable versions of postcss-filter-plugins
    Depends on vulnerable versions of postcss-icss-keyframes
    Depends on vulnerable versions of postcss-icss-selectors
    node_modules/typescript-plugin-css-modules
  postcss-icss-keyframes  *
  Depends on vulnerable versions of postcss
  node_modules/postcss-icss-keyframes
  postcss-icss-selectors  *
  Depends on vulnerable versions of postcss
  node_modules/postcss-icss-selectors

8 moderate severity vulnerabilities
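
The audit output above flags copies of postcss nested inside other packages' `node_modules` directories. As an added example (not part of the original issue or of the plugin's code), the script below walks the `packages` map of a lockfileVersion 2/3 `package-lock.json` and lists every postcss copy older than 8.2.13 together with the package that owns it. The contents of `sampleLock`, including its version numbers, are constructed, and the function names are hypothetical.

```javascript
// Added example; sampleLock is constructed, not taken from the reporter's project.
// Compare plain x.y.z versions numerically (pre-release tags are not handled).
function lessThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y;
  }
  return false;
}

// Walk the "packages" map of a package-lock.json and return every installed
// copy of `name` older than `fixedIn`, with the package whose nested
// node_modules directory holds that copy.
function findVulnerableCopies(lock, name, fixedIn) {
  const suffix = "node_modules/" + name;
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!meta.version || !lessThan(meta.version, fixedIn)) continue;
    const parent = path.slice(0, path.length - suffix.length).replace(/\/$/, "");
    const owner = parent === ""
      ? "(hoisted to project root)"
      : parent.split("node_modules/").pop();
    hits.push({ path, version: meta.version, owner });
  }
  return hits;
}

// Constructed lockfile fragment: the paths mirror the audit report,
// the version numbers are sample values.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/postcss": { version: "8.4.5" },
    "node_modules/@types/stylelint": { version: "13.13.3" },
    "node_modules/@types/stylelint/node_modules/postcss": { version: "7.0.39" },
    "node_modules/postcss-icss-keyframes/node_modules/postcss": { version: "6.0.23" },
  },
};

for (const hit of findVulnerableCopies(sampleLock, "postcss", "8.2.13")) {
  console.log(`${hit.owner} pins postcss ${hit.version} at ${hit.path}`);
}
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` in place of `sampleLock`.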