fix(security): override postcss to ^8.5.10
Resolves GHSA-qx2v-qp2m-jg93 (PostCSS XSS via Unescaped </style> in CSS Stringify Output) in the @expo/metro-config + tailwindcss build chain. Build-time only, not runtime-exploitable in RN, but cleared for audit hygiene. Defenseur scan post-override: 13/13 passed, 0 findings (the residual uuid cascade is suppressed via defenseurs allowlist for GHSA-w5hq-g745-h8pq). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
le king fu
parent
cc1e187c85
commit
08cba37775
2 changed files with 6 additions and 5 deletions
8
package-lock.json
generated
8
package-lock.json
generated
|
|
@ -9323,9 +9323,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/postcss": {
|
||||
"version": "8.4.49",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.49.tgz",
|
||||
"integrity": "sha512-OCVPnIObs4N29kxTjzLfUryOkvZEq+pf8jTF0lg8E7uETuWHA+v7j3c/xJmiqpX450191LlmZfUKkXxkTry7nA==",
|
||||
"version": "8.5.12",
|
||||
"resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz",
|
||||
"integrity": "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "opencollective",
|
||||
|
|
@ -9342,7 +9342,7 @@
|
|||
],
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"nanoid": "^3.3.7",
|
||||
"nanoid": "^3.3.11",
|
||||
"picocolors": "^1.1.1",
|
||||
"source-map-js": "^1.2.1"
|
||||
},
|
||||
|
|
|
|||
|
|
@ -66,7 +66,8 @@
|
|||
"overrides": {
|
||||
"esbuild": "^0.25.0",
|
||||
"@xmldom/xmldom": "^0.8.13",
|
||||
"uuid": "^11.0.0"
|
||||
"uuid": "^11.0.0",
|
||||
"postcss": "^8.5.10"
|
||||
},
|
||||
"private": true
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue