Bump PostCSS to 8.3, resolving CVE-2021-23368

Fixes PostCSS ReDoS vulnerability. See
https://www.npmjs.com/advisories/1693

package.json

@@ -26,7 +26,7 @@
   "dependencies": {
     "acorn": "^6.4.1",
     "normalize-path": "^3.0.0",
-    "postcss": "^7.0.16",
+    "postcss": "^8.3.0",
     "source-map": "^0.6.0",
     "through2": "^3.0.1"
   },