Can you make preact use postcss@8?
postcss 7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
fix available via npm audit fix --force
Will install preact-cli@2.2.1, which is a breaking change
node_modules/postcss
autoprefixer 9.0.0 - 9.8.6
Depends on vulnerable versions of postcss
node_modules/autoprefixer
critters-webpack-plugin >=2.0.1
Depends on vulnerable versions of postcss
node_modules/critters-webpack-plugin
preact-cli >=3.0.0-next.1
Depends on vulnerable versions of critters-webpack-plugin
node_modules/preact-cli
css-declaration-sorter 4.0.0 - 5.1.2
Depends on vulnerable versions of postcss
node_modules/css-declaration-sorter
css-loader 2.0.0 - 4.3.0
Depends on vulnerable versions of postcss
node_modules/css-loader
cssnano 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.1.1 - 4.1.11
Depends on vulnerable versions of postcss
node_modules/cssnano
optimize-css-assets-webpack-plugin 3.2.1 || >=5.0.2
Depends on vulnerable versions of cssnano
node_modules/optimize-css-assets-webpack-plugin
cssnano-preset-default <=4.0.0-rc.2 || 4.0.1 - 4.0.8
Depends on vulnerable versions of cssnano-util-raw-cache
Depends on vulnerable versions of postcss
Depends on vulnerable versions of postcss-normalize-timing-functions
node_modules/cssnano-preset-default
cssnano-util-raw-cache >=4.0.1
Depends on vulnerable versions of postcss
node_modules/cssnano-util-raw-cache
icss-utils 4.0.0 - 4.1.1
Depends on vulnerable versions of postcss
node_modules/icss-utils
postcss-modules-local-by-default 2.0.0 - 4.0.0-rc.4
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-local-by-default
postcss-modules-values 2.0.0 - 4.0.0-rc.5
Depends on vulnerable versions of icss-utils
Depends on vulnerable versions of postcss
node_modules/postcss-modules-values
postcss-calc 6.0.2 - 7.0.5
Depends on vulnerable versions of postcss
node_modules/postcss-calc
postcss-colormin 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-colormin
postcss-convert-values 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-convert-values
postcss-discard-comments 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-comments
postcss-discard-duplicates 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-discard-duplicates
postcss-discard-empty 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-empty
postcss-discard-overridden 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-discard-overridden
postcss-loader 3.0.0 - 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-loader
postcss-merge-longhand 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.6 - 4.0.11
Depends on vulnerable versions of postcss
node_modules/postcss-merge-longhand
postcss-merge-rules 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-merge-rules
postcss-minify-font-values 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-font-values
postcss-minify-gradients 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-gradients
postcss-minify-params 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-params
postcss-minify-selectors 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-minify-selectors
postcss-modules-extract-imports 2.0.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-extract-imports
postcss-modules-scope 2.0.0 - 2.2.0
Depends on vulnerable versions of postcss
node_modules/postcss-modules-scope
postcss-normalize-charset 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-charset
postcss-normalize-display-values <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-display-values
postcss-normalize-positions <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-positions
postcss-normalize-repeat-style <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-repeat-style
postcss-normalize-string <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-string
postcss-normalize-timing-functions <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-timing-functions
postcss-normalize-unicode <=4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-unicode
postcss-normalize-url 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-url
postcss-normalize-whitespace <=4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-normalize-whitespace
postcss-ordered-values 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.1.1 - 4.1.2
Depends on vulnerable versions of postcss
node_modules/postcss-ordered-values
postcss-reduce-initial 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.2 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-initial
postcss-reduce-transforms 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.2
Depends on vulnerable versions of postcss
node_modules/postcss-reduce-transforms
postcss-svgo 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1 - 4.0.3
Depends on vulnerable versions of postcss
node_modules/postcss-svgo
postcss-unique-selectors 4.0.0-nightly.2020.1.9 - 4.0.0-rc.2 || 4.0.1
Depends on vulnerable versions of postcss
node_modules/postcss-unique-selectors
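The audit output above is easier to act on as dependency chains. This added example (not part of the original issue and not npm's own code) parses that text layout and walks each reported package down to the one carrying the advisory; the function names are hypothetical and the sample is an abridged, constructed excerpt of the output quoted in the issue.

```javascript
// Constructed sample: a few entries abridged from the audit output in the issue.
const SAMPLE = `postcss 7.0.0 - 8.2.9
Severity: moderate
Regular Expression Denial of Service - https://npmjs.com/advisories/1693
node_modules/postcss
autoprefixer 9.0.0 - 9.8.6
Depends on vulnerable versions of postcss
node_modules/autoprefixer
critters-webpack-plugin >=2.0.1
Depends on vulnerable versions of postcss
node_modules/critters-webpack-plugin
preact-cli >=3.0.0-next.1
Depends on vulnerable versions of critters-webpack-plugin
node_modules/preact-cli`;

// Each entry ends with its node_modules/ path; nested installs use the innermost name.
function parseAudit(text) {
  const entries = new Map();
  let deps = [], advisory = false;
  for (const line of text.split('\n').map(l => l.trim())) {
    const dep = line.match(/^Depends on vulnerable versions of (\S+)$/);
    if (dep) deps.push(dep[1]);
    else if (line.startsWith('Severity:')) advisory = true;
    else if (line.startsWith('node_modules/')) {
      entries.set(line.split('node_modules/').pop(), { deps, advisory });
      deps = []; advisory = false;
    }
  }
  return entries;
}

// All dependency paths from `name` down to a package carrying its own advisory.
function chainsToAdvisory(entries, name, path = []) {
  const entry = entries.get(name);
  if (!entry || path.includes(name)) return []; // unknown package or cycle
  const here = [...path, name];
  const found = entry.advisory ? [here] : [];
  for (const d of entry.deps) found.push(...chainsToAdvisory(entries, d, here));
  return found;
}

// Entries that no other entry in the report depends on (outermost packages).
function topOfChains(entries) {
  const used = new Set([...entries.values()].flatMap(e => e.deps));
  return [...entries.keys()].filter(n => !used.has(n)).sort();
}

const report = parseAudit(SAMPLE);
for (const top of topOfChains(report))
  for (const c of chainsToAdvisory(report, top)) console.log(c.join(' -> '));
```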
Issue Analytics
- State:
- Created 2 years ago
- Comments:8 (4 by maintainers)
Top GitHub Comments
So I forked the project and upgraded autoprefixer only to discover that https://www.npmjs.com/package/critters-webpack-plugin still requires postcss 7 🙈 It looks like they’re about to publish a release that removes postcss entirely though, so I will try again in a week or so.

Maybe it’s just me but the postcss 7 -> 8 migration has been an absolute nightmare for my project’s stack. (preact-cli with tailwind)

@philosofonusus just noting, this does not impact you in any way as it’s only used during development, these kinds of vulnerabilities are only relevant if the affected code is run in production with untrusted user input