Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: update dependency postcss to v8.4.31 [security] #25945

Merged
merged 1 commit into from Oct 4, 2023
Merged

build: update dependency postcss to v8.4.31 [security] #25945

merged 1 commit into from Oct 4, 2023

Conversation

angular-robot
Copy link
Collaborator

@angular-robot angular-robot commented Oct 4, 2023
edited by alan-agius4

This PR contains the following updates:

Package Type Update Change
postcss (source) dependencies patch 8.4.30 -> 8.4.31

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

Release Notes

postcss/postcss (postcss)

v8.4.31

Compare Source

Configuration

📅 Schedule: Branch creation - "" in timezone America/Tijuana, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Closes #25944

@angular-robot angular-robot added action: merge The PR is ready for merge by the caretaker target: minor This PR is targeted for the next minor release labels Oct 4, 2023
@angular-robot angular-robot bot added the area: build & ci Related the build and CI infrastructure of the project label Oct 4, 2023
@clydin clydin merged commit 76da084 into angular:main Oct 4, 2023
36 checks passed
@angular-robot angular-robot deleted the ng-renovate/npm-postcss-vulnerability branch October 4, 2023 15:19
@alan-agius4 alan-agius4 mentioned this pull request Oct 5, 2023
Closed
1 task
@angular-automatic-lock-bot
Copy link

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot bot locked and limited conversation to collaborators Nov 6, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@clydin clydin clydin approved these changes

Assignees
No one assigned
Labels
action: merge The PR is ready for merge by the caretaker area: build & ci Related the build and CI infrastructure of the project target: minor This PR is targeted for the next minor release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

@angular-devkit/build-angular depends on vulnarable version of postcss
2 participants
@angular-robot @clydin