not working

🐞 Bug Report

Describe the bug

postcss has a vulnerability for v7.0.32:
GHSA-566m-qj78-rww5

This is brought in by the [email protected] dep, which is pinning to an exact version rather than using semver.

"dependencies": {
    "commander": "^5.0.0",
    "glob": "^7.0.0",
    "postcss": "7.0.32",
    "postcss-selector-parser": "^6.0.2"
  },

Expected behavior

Dependencies should not have vulnerabilities

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

Currently we do not have an option to whitelist certain selectors if you do not want them removed by PurgeCSS using this library.
This feature would be to add support for whitelisting selectors.

PurgeCSS supports whitelisting https://purgecss.com/whitelisting.html.

Through these three options:

• Using specific selectors:
  whitelist: ['random', 'yep', 'button']
• Using a regular expression:

whitelistPatterns: [/red$/],
whitelistPatternsChildren: [/blue$/]

• In the CSS directly by adding this line to your css file.
  /* purgecss ignore */