FYI: I unpublished 4.0.0 #50
Comments
|
@stefanpenner I think I managed to understand some of the context now:
|
|
Github started notifying me today that several of my ember addons have a vulnerability for |
|
I'm also getting the same warnings as @jrjohnson. What's the path forward? |
|
maybe a 3.3.1 with |
|
@DuBistKomisch Looks like bumping broccoli-clean-css was attempted previously but had to be reverted: #27 (comment) |
|
@stefanpenner I can see that security issue is already fixed. Can this version be published now? Yarn Audit is blocking the CI in my project. Thank you! |
|
@rogeraraujo90 The issue at this point is that the security bug (which has no actual impact on your Ember app in the browser) was only fixed in the 4.x stream of clean-css whereas this dependency relies on clean-css v3.x. There are some breaking changes in the clean-css config options from v3 to v4, so it can't be updated here without causing a breaking change to Ember CLI. As suggested in the linked ember-cli issue above (ember-cli/ember-cli#8579) your best bet is likely to add the updated clean-css to your yarn resolutions in package.json: "resolutions": {
"clean-css": "4.2.1"
}And then address any breaking changes that may be needed to any config options under the |
|
Thank you for the fast response @gorner! I'll proceed with your suggested workaround while wait for Ember 4. |
|
I want to re-release 4.0.0 and update the dependency for ember-cli 5.0. We can document how to add back the exact old clean-css behavior and also how to use the newest clean-css instead. |
|
Closing as I have now re-released the 4.x changes in 5.0(.1). ember-cli/ember-cli#10244 Updates in ember-cli. |
FYI: I unpublished 4.0.0 per @Turbo87's advice. I'm leaving this issue here so future travels can be aware, and so we can fill in the reason and blockers.
To do so @rwjblue I likely need some of your context.
The text was updated successfully, but these errors were encountered: