fix(security): override postcss to ^8.5.10 #80

Merged
maximus merged 1 commit from fix/vuln-postcss-override into master 2026-04-28 01:26:12 +00:00

Author SHA1 Message Date
le king fu
08cba37775 fix(security): override postcss to ^8.5.10
Resolves GHSA-qx2v-qp2m-jg93 (PostCSS XSS via Unescaped </style> in CSS
Stringify Output) in the @expo/metro-config + tailwindcss build chain.
Build-time only, not runtime-exploitable in RN, but cleared for audit hygiene.

Defenseur scan post-override: 13/13 passed, 0 findings (the residual uuid
cascade is suppressed via defenseurs allowlist for GHSA-w5hq-g745-h8pq).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 15:37:19 -04:00