Skip to content

build(deps-dev): bump postcss from 8.5.9 to 8.5.12#2207

Merged
OneStepAt4time merged 10 commits into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.12
Apr 27, 2026
Merged

build(deps-dev): bump postcss from 8.5.9 to 8.5.12#2207
OneStepAt4time merged 10 commits into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.12

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 26, 2026
edited
Loading

Bumps postcss from 8.5.9 to 8.5.12.

Release notes

Sourced from postcss's releases.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).
Changelog

Sourced from postcss's changelog.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).
Commits
  • 9bc81c4 Release 8.5.12 version
  • 85c4d7d Another try to fix coverage
  • 94484ca Try to fix coverage
  • c64b748 Load only .map source maps
  • aaec7b7 Avoid throwing JSON parsing errors for non-JSON source maps
  • 233fb26 Mention original author of the solution
  • 2502f75 Release 8.5.11 version
  • 5ca1901 Speed up parsing many nested brackets
  • 42b5337 Update dependencies
  • 7e36e15 Cache node.raws locally in Stringifier hot methods
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 26, 2026
@dependabot dependabot Bot requested a review from OneStepAt4time as a code owner April 26, 2026 22:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 26, 2026
@dependabot
build(deps-dev): bump postcss from 8.5.9 to 8.5.12
3880e19 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.9 to 8.5.12.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.9...8.5.12)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/postcss-8.5.12 branch from a25ac1e to 3880e19 Compare April 26, 2026 22:17
OneStepAt4time
OneStepAt4time approved these changes Apr 26, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@OneStepAt4time OneStepAt4time left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump. All required CI green. Safe to merge.

@OneStepAt4time OneStepAt4time merged commit 93d6e6e into main Apr 27, 2026
14 checks passed
@OneStepAt4time OneStepAt4time deleted the dependabot/npm_and_yarn/postcss-8.5.12 branch April 27, 2026 01:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@OneStepAt4time OneStepAt4time OneStepAt4time approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OneStepAt4time