postcss security vulnerability 'Regular Expression Denial of Service'
See original GitHub issue
- Laravel Mix Version: 6.0.19 (npm list --depth=0)
- Node Version (node -v): v12.16.2
- NPM Version (npm -v): 7.13.0
- OS: Windows 10 (OS Build 19041.985)
Description:
Dependency "postcss": "^8.1.2" has security vulnerabilities reported by yarn audit: Regular Expression Denial of Service.
Patched in version >=8.2.10
Steps To Reproduce:
Run yarn audit or npm audit in the root folder
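As an added check that is not part of the original issue: the audit tools flag every installed copy of postcss below the patched release, and a package that pins its own postcss can keep an old copy nested under it even after the top-level version is bumped. The script below walks an npm ls --json dependency tree and reports each postcss below 8.2.10 with its dependency path; the tree is a constructed sample, not real output from this project.

```python
import re

PACKAGE = "postcss"
# Patched release quoted in the issue (>= 8.2.10); the 4th element ranks
# a final release above any pre-release of the same version.
PATCHED = (8, 2, 10, 1)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")


def parse_version(text):
    """Turn '8.2.9' or '8.2.10-beta.1' into a comparable tuple
    (major, minor, patch, 0 for pre-release / 1 for release)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_vulnerable(version):
    """True when the installed version predates the patched release."""
    return parse_version(version) < PATCHED


def find_vulnerable(tree, path=()):
    """Recursively collect (dependency path, version) for every copy of
    PACKAGE below PATCHED in an `npm ls --json` tree, including copies
    nested under other packages that pin their own postcss."""
    hits = []
    for name, node in tree.get("dependencies", {}).items():
        here = path + (name,)
        version = node.get("version")
        if name == PACKAGE and version and is_vulnerable(version):
            hits.append((" > ".join(here), version))
        hits.extend(find_vulnerable(node, here))
    return hits


# Constructed sample tree (hypothetical, not real `npm ls` output): the
# top-level postcss is patched but laravel-mix still nests an old copy.
SAMPLE_TREE = {
    "name": "app",
    "dependencies": {
        "postcss": {"version": "8.2.10"},
        "laravel-mix": {"version": "6.0.19",
                        "dependencies": {"postcss": {"version": "8.1.2"}}},
    },
}

if __name__ == "__main__":
    for dep_path, version in find_vulnerable(SAMPLE_TREE):
        print(f"{dep_path}: postcss {version} is below 8.2.10")
```

On a real project, feed it the parsed output of npm ls --json instead of SAMPLE_TREE.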
Issue Analytics
- Created 2 years ago
- Reactions: 1
- Comments: 21
Top Results From Across the Web
- Regular Expression Denial of Service (ReDoS) in postcss | Snyk: The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they ...
- postcss 7.0.0 - 8.2.9 Severity: moderate Regular Expression ...: I'm having the same issue. Doing a npm audit fix --force downgrades react-scripts resolving these vulnerabilities but introducing yet more ...
- CVE-2021-23368 nodejs-postcss: Regular expression denial ...: Doc Text: A regular expression denial of service (ReDoS) vulnerability was found in the npm library `postcss`. When parsing a supplied CSS string, ...
- Regular Expression Denial Of Service (ReDoS) Vulnerability ...: postcss is vulnerable to regular expression denial of service. The usage of an insecure regular expression in source map parsing allows an attacker ...
Top GitHub Comments
Just ran into the same issue while trying to resolve our npm audit issues. Release 6.0.19 doesn't have the changes from #2979 in them yet. Can a new release be tagged @JeffreyWay?
In the meanwhile, using a branch constraint JeffreyWay/laravel-mix#master or commit constraint JeffreyWay/laravel-mix#b45f7a1ab2959a87e4364c6192f98a5f096ee542 fixes this issue for now.

I'm running on a fresh install. Literally only axios and laravel mix installed.
Looking at laravel mix's package.json file, it is still depending on postcss 8.1, however I can see that the version bump to 8.2 was about 10 days ago (as of this comment).
It's almost as though npm hasn't updated the package from github?
I would surmise you need a new release tag for npm to pick up the changes.