Skip to content
This repository has been archived by the owner on Nov 10, 2023. It is now read-only.

chore(deps): update dependency postcss to v8.4.31 [security] #202

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency postcss to v8.4.31 [security] #202

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 7, 2023
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.24 -> 8.4.31 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Release Notes

postcss/postcss (postcss)

v8.4.31

Compare Source

v8.4.30

Compare Source

  • Improved source map performance (by Romain Menke).

v8.4.29

Compare Source

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

v8.4.28

Compare Source

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

v8.4.27

Compare Source

  • Fixed Container clone methods types.

v8.4.26

Compare Source

  • Fixed clone methods types.

v8.4.25

Compare Source

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from Hiratake as a code owner October 7, 2023 20:17
@renovate renovate bot added the 🤖dependencies Pull requests that update a dependency file label Oct 7, 2023
@github-actions
Copy link

github-actions bot commented Oct 7, 2023

⚡ Successfully Cloudflare Pages deployed!

Name Link
🔨 Latest commit b7bc799
🔍 Latest deploy log https://github.com/jaoafa/jaoweb4/actions/runs/6443270243
😎 Deploy Preview Url https://a9f6e478.jaoweb.pages.dev
🌳 Environment preview

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Hiratake Hiratake Awaiting requested review from Hiratake Hiratake is a code owner

At least 0 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
🤖dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants