fix: patch postcss 7 and bundle it in the published npm package #111
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Backports postcss/postcss@8682b1e postcss/postcss@b6f3e4d Fixes https://www.npmjs.com/advisories/1693 As postcss 7 isn't gonna release a new patch unless with commercial support, we have to patch it ourselves with patch-package.
yanfali
pushed a commit
to qmk/qmk_configurator
that referenced
this pull request
Jun 2, 2021
- waiting for upstream vuejs/component-compiler-utils#111
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backports
postcss/postcss@8682b1e
postcss/postcss@b6f3e4d
Fixes https://www.npmjs.com/advisories/1693
As postcss 7 isn't gonna release a new patch unless with commercial support, we have to patch it ourselves with patch-package.
It is to avoid introducing breaking changes to the downstream
vue-loaderv15.x.The patched source code will be shipped with the
@vue/component-compiler-utilsnpm package.So users can get rid of the vulnerability warnings.
For any potential vulnerabilities in the future, we'll still receive them from GitHub's dependabot. So this change won't affect the overall security of this package.
Fixes #110
Fixes vuejs/vue-cli#6467
Closes #109