Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency postcss to v8.4.31 [security] #2347

Merged
merged 1 commit into from
Oct 18, 2023
Merged

chore(deps): update dependency postcss to v8.4.31 [security] #2347

merged 1 commit into from
Oct 18, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 7, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.24 -> 8.4.31 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Release Notes

postcss/postcss (postcss)

v8.4.31

Compare Source

v8.4.30

Compare Source

  • Improved source map performance (by Romain Menke).

v8.4.29

Compare Source

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

v8.4.28

Compare Source

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

v8.4.27

Compare Source

  • Fixed Container clone methods types.

v8.4.26

Compare Source

  • Fixed clone methods types.

v8.4.25

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the Dependencies Issue with a project dependency or associated system label Oct 7, 2023
@changeset-bot
Copy link

changeset-bot bot commented Oct 7, 2023
edited
Loading

⚠️ No Changeset found

Latest commit: 05dedf5

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Contributor

github-actions bot commented Oct 7, 2023
edited
Loading

Size Change: -6 B (0%)

Total Size: 1.08 MB

Filename Size Change
packages/lib/dist/cjs/index.js 247 kB -2 B (0%)
packages/lib/dist/es.modern/index.js 119 kB -3 B (0%)
packages/lib/dist/es/index.js 139 kB -1 B (0%)
ℹ️ View Unchanged
Filename Size
packages/lib/dist/adyen.js 286 kB
packages/lib/dist/es.modern/ar.js 6.54 kB
packages/lib/dist/es.modern/cs-CZ.js 5.81 kB
packages/lib/dist/es.modern/da-DK.js 5.29 kB
packages/lib/dist/es.modern/de-DE.js 5.7 kB
packages/lib/dist/es.modern/el-GR.js 7.44 kB
packages/lib/dist/es.modern/es-ES.js 5.37 kB
packages/lib/dist/es.modern/fi-FI.js 5.38 kB
packages/lib/dist/es.modern/fr-FR.js 5.56 kB
packages/lib/dist/es.modern/hr-HR.js 5.61 kB
packages/lib/dist/es.modern/hu-HU.js 5.86 kB
packages/lib/dist/es.modern/it-IT.js 5.44 kB
packages/lib/dist/es.modern/ja-JP.js 6.27 kB
packages/lib/dist/es.modern/ko-KR.js 5.91 kB
packages/lib/dist/es.modern/nl-NL.js 5.4 kB
packages/lib/dist/es.modern/no-NO.js 5.27 kB
packages/lib/dist/es.modern/pl-PL.js 5.87 kB
packages/lib/dist/es.modern/pt-BR.js 5.43 kB
packages/lib/dist/es.modern/pt-PT.js 5.55 kB
packages/lib/dist/es.modern/ro-RO.js 5.68 kB
packages/lib/dist/es.modern/ru-RU.js 6.89 kB
packages/lib/dist/es.modern/sk-SK.js 5.97 kB
packages/lib/dist/es.modern/sl-SI.js 5.52 kB
packages/lib/dist/es.modern/sv-SE.js 5.23 kB
packages/lib/dist/es.modern/zh-CN.js 5.72 kB
packages/lib/dist/es.modern/zh-TW.js 5.86 kB
packages/lib/dist/es/ar.js 6.54 kB
packages/lib/dist/es/cs-CZ.js 5.81 kB
packages/lib/dist/es/da-DK.js 5.29 kB
packages/lib/dist/es/de-DE.js 5.7 kB
packages/lib/dist/es/el-GR.js 7.44 kB
packages/lib/dist/es/es-ES.js 5.37 kB
packages/lib/dist/es/fi-FI.js 5.38 kB
packages/lib/dist/es/fr-FR.js 5.56 kB
packages/lib/dist/es/hr-HR.js 5.61 kB
packages/lib/dist/es/hu-HU.js 5.86 kB
packages/lib/dist/es/it-IT.js 5.44 kB
packages/lib/dist/es/ja-JP.js 6.27 kB
packages/lib/dist/es/ko-KR.js 5.91 kB
packages/lib/dist/es/nl-NL.js 5.4 kB
packages/lib/dist/es/no-NO.js 5.27 kB
packages/lib/dist/es/pl-PL.js 5.87 kB
packages/lib/dist/es/pt-BR.js 5.43 kB
packages/lib/dist/es/pt-PT.js 5.55 kB
packages/lib/dist/es/ro-RO.js 5.68 kB
packages/lib/dist/es/ru-RU.js 6.89 kB
packages/lib/dist/es/sk-SK.js 5.97 kB
packages/lib/dist/es/sl-SI.js 5.52 kB
packages/lib/dist/es/sv-SE.js 5.23 kB
packages/lib/dist/es/zh-CN.js 5.72 kB
packages/lib/dist/es/zh-TW.js 5.86 kB

compressed-size-action

@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from d3fa6e8 to 4822ea3 Compare October 7, 2023 22:34
@renovate renovate bot changed the title chore(deps): update dependency postcss to v8.4.31 [security] chore(deps): update dependency postcss to v8.4.31 [security] - autoclosed Oct 8, 2023
@renovate renovate bot closed this Oct 8, 2023
@renovate renovate bot deleted the renovate/npm-postcss-vulnerability branch October 8, 2023 00:24
@renovate renovate bot changed the title chore(deps): update dependency postcss to v8.4.31 [security] - autoclosed chore(deps): update dependency postcss to v8.4.31 [security] Oct 11, 2023
@renovate renovate bot reopened this Oct 11, 2023
@renovate renovate bot restored the renovate/npm-postcss-vulnerability branch October 11, 2023 09:34
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 4822ea3 to 05dedf5 Compare October 11, 2023 09:34
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@longyulongyu longyulongyu merged commit 5ee60af into main Oct 18, 2023
10 checks passed
@longyulongyu longyulongyu deleted the renovate/npm-postcss-vulnerability branch October 18, 2023 11:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@longyulongyu longyulongyu longyulongyu approved these changes

@marcperez marcperez Awaiting requested review from marcperez

@pabloai pabloai Awaiting requested review from pabloai pabloai is a code owner

@sponglord sponglord Awaiting requested review from sponglord sponglord is a code owner

@m1aw m1aw Awaiting requested review from m1aw m1aw is a code owner

@ribeiroguilherme ribeiroguilherme Awaiting requested review from ribeiroguilherme ribeiroguilherme is a code owner

Assignees
No one assigned
Labels
Dependencies Issue with a project dependency or associated system
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@longyulongyu