chore(deps): update dependency stylelint to v15.10.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
stylelint (source)	15.9.0 -> 15.10.1

GitHub Vulnerability Alerts

GHSA-f7xj-rg7h-mc87

Summary

Our meow dependency (which we use for our CLI) depended on semver@5.7.1 . A vulnerability in this version of semver was recently identified and surfaced by npm audit:

Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw

Details

Original post by the reporter:

"my npm audit show the report

semver <7.5.2
Severity: moderate
semver vulnerable to Regular Expression Denial of Service - GHSA-c2qf-rxjj-qqgw
No fix available

And my dependencies tree for semver show your package

├─┬ stylelint@15.9.0
│ └─┬ meow@9.0.0
│ └─┬ read-pkg-up@7.0.1
│ └─┬ read-pkg@5.2.0
│ └─┬ normalize-package-data@2.5.0
│ └── semver@5.7.1 deduped

I found that meow@10.x.x contains normalize-package-data@5 and I can fix this vulnerability because it uses semver@7. But I can't update meow to the new major version because your package doesn't allow it."

Update your package to use the 'meow' version >=10"

PoC

N/A

Impact

We anticipate the impact to be low as Stylelint is a dev tool and meow is only used on the CLI pathway.

---

Release Notes

stylelint/stylelint (stylelint)

v15.10.1

Compare Source

• Security: fix for semver vulnerability (#​7043) (@​romainmenke).
• Fixed: invalid option regression on Windows 10 (#​7043) (@​romainmenke).

v15.10.0

Compare Source

• Added: media-query-no-invalid (#​6963) (@​romainmenke).
• Added: support for JS objects with extends config option (#​6998) (@​fpetrakov).
• Fixed: inconsistent errored properties in stylelint.lint() return value (#​6983) (@​ybiquitous).
• Fixed: {selector,value}-no-vendor-prefix performance (#​7016) (@​jeddy3).
• Fixed: custom-property-pattern performance (#​7009) (@​jeddy3).
• Fixed: function-linear-gradient-no-nonstandard-direction false positives for <color-interpolation-method> (#​6987) (@​romainmenke).
• Fixed: function-name-case performance (#​7010) (@​jeddy3).
• Fixed: function-no-unknown performance (#​7004) (@​jeddy3).
• Fixed: function-url-quotes performance (#​7011) (@​jeddy3).
• Fixed: hue-degree-notation false negatives for oklch (#​7015) (@​romainmenke).
• Fixed: hue-degree-notation performance (#​7012) (@​jeddy3).
• Fixed: media-feature-name-no-unknown false positives for environment-blending, nav-controls, prefers-reduced-data, and video-color-gamut (#​6978) (@​romainmenke).
• Fixed: media-feature-name-no-vendor-prefix positions for *-device-pixel-ratio (#​6977) (@​romainmenke).
• Fixed: no-descending-specificity performance (#​7026) (@​romainmenke).
• Fixed: no-duplicate-at-import-rules false negatives for imports with supports and layer conditions (#​7001) (@​romainmenke).
• Fixed: selector-anb-no-unmatchable performance (#​7042) (@​romainmenke).
• Fixed: selector-id-pattern performance (#​7013) (@​jeddy3).
• Fixed: selector-pseudo-class-no-unknown false negatives for pseudo-elements with matching names (#​6964) (@​Mouvedia).
• Fixed: selector-pseudo-element-no-unknown performance (#​7007) (@​jeddy3).
• Fixed: selector-type-case performance (#​7041) (@​romainmenke).
• Fixed: selector-type-no-unknown performance (#​7027) (@​romainmenke).
• Fixed: unit-disallowed-list false negatives with percentages (#​7018) (@​romainmenke).

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.