Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency postcss [SECURITY] #3406

Merged
merged 1 commit into from
Feb 12, 2022
Merged

Update dependency postcss [SECURITY] #3406

merged 1 commit into from
Feb 12, 2022

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 8, 2022

WhiteSource Renovate

This PR contains the following updates:

Package Change
postcss 7.0.35 -> 7.0.36
postcss 7.0.36 -> 8.2.13

GitHub Vulnerability Alerts

CVE-2021-23368

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

CVE-2021-23382

The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 8, 2022
@jellyfin-bot jellyfin-bot added the merge conflict Conflicts prevent merging label Feb 8, 2022
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 27d1bfb to e7146e6 Compare February 8, 2022 18:04
@jellyfin-bot jellyfin-bot removed the merge conflict Conflicts prevent merging label Feb 8, 2022
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch 14 times, most recently from d8dceb5 to a14750e Compare February 11, 2022 10:59
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from a14750e to 0728deb Compare February 11, 2022 19:16
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 0728deb to e326e33 Compare February 11, 2022 23:10
@sonarcloud
Copy link

sonarcloud bot commented Feb 11, 2022

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@thornbill thornbill merged commit 7360d2f into master Feb 12, 2022
@thornbill thornbill deleted the renovate/npm-postcss-vulnerability branch February 12, 2022 02:41
This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nielsvanvelzen nielsvanvelzen nielsvanvelzen approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@nielsvanvelzen @thornbill @jellyfin-bot @renovate-bot