Bump transitive postcss to address moderate advisory #47

Open: TimoStaudinger wants to merge 1 commit into main from claude/festive-cannon-8ynr4

@TimoStaudinger
Owner

Summary

All top-level dependencies are already pinned to their latest versions. The only outstanding item from yarn audit was a moderate advisory against postcss < 8.5.10 (CSS stringify XSS, GHSA via npm advisory 1117015), pulled in transitively because next exact-pins postcss@8.4.31.

This PR adds a resolutions entry so yarn pulls postcss ^8.5.14, clearing the audit warning. No top-level deps change.

  • yarn audit now reports 0 vulnerabilities (down from 1 moderate).
  • yarn build passes locally.
  • yarn test could not be run locally — the sandbox cannot download Chromium revision 1217 required by Playwright 1.59.1. Verifying via CI.

Test plan

  • CI Playwright suite passes
  • Vercel preview build succeeds

Generated by Claude Code
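
A check a reviewer could run against the lockfile to confirm the resolution took effect, as an added example (not code from this PR or repository). It assumes a Yarn v1 `yarn.lock` layout; the lockfile excerpts, the placeholder `next` version, and the function names are constructed for illustration.

```javascript
// Added example, not from the PR. Assumes Yarn v1 lockfile layout.
const PATCHED = [8, 5, 10]; // the PR cites the advisory range as postcss < 8.5.10

// Constructed lockfile excerpts (placeholder version for next).
const LOCK_BEFORE = `
next@0.0.0-example:
  version "0.0.0-example"
  dependencies:
    postcss "8.4.31"

postcss@8.4.31:
  version "8.4.31"
`;
// Assumed shape after a resolutions entry: the key keeps the requested range,
// so the check must read the version field, not the key.
const LOCK_AFTER = `
next@0.0.0-example:
  version "0.0.0-example"
  dependencies:
    postcss "8.4.31"

postcss@8.4.31, postcss@^8.5.14:
  version "8.5.14"
`;

// Numeric major.minor.patch only; prerelease tags are dropped.
const parseVersion = (v) => v.split("-")[0].split(".").map(Number);

// True when version a sorts strictly before version b.
function isBelow(a, b) {
  for (let i = 0; i < 3; i++) {
    if ((a[i] || 0) !== (b[i] || 0)) return (a[i] || 0) < (b[i] || 0);
  }
  return false;
}

// Returns every postcss lock entry whose resolved version is below PATCHED.
function vulnerablePostcss(lockText) {
  const hits = [];
  let current = null; // keys of the postcss entry being read, else null
  for (const line of lockText.split(/\r?\n/)) {
    if (/^\S.*:$/.test(line)) {
      // Top-level header such as: postcss@8.4.31, "postcss@^8.5.14":
      const keys = line.slice(0, -1).split(",").map((k) => k.trim().replace(/"/g, ""));
      current = keys.some((k) => k.startsWith("postcss@")) ? keys.join(", ") : null;
    } else if (current) {
      const m = line.match(/^  version "([^"]+)"$/);
      if (m && isBelow(parseVersion(m[1]), PATCHED)) hits.push({ entry: current, version: m[1] });
    }
  }
  return hits;
}
```

Matching on `postcss@` rather than `postcss` keeps packages such as `postcss-loader` out of the result, and the indented `postcss "8.4.31"` dependency line under `next` is ignored because it is not an entry header.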

@vercel

vercel Bot commented May 9, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| timostaudinger-com | Ready | Preview, Comment | May 9, 2026 1:15pm |
