Skip to content

Javascript dependency: Bump postcss from 8.5.13 to 8.5.14 in /web#9889

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/web/postcss-8.5.12
Closed

Javascript dependency: Bump postcss from 8.5.13 to 8.5.14 in /web#9889
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/web/postcss-8.5.12

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Bumps postcss from 8.5.13 to 8.5.14.

Release notes

Sourced from postcss's releases.

8.5.14

Changelog

Sourced from postcss's changelog.

8.5.14

Commits

@dependabot dependabot Bot added the Dependencies Pull requests that update a dependency file label Apr 27, 2026
@dependabot
Javascript dependency: Bump postcss from 8.5.13 to 8.5.14 in /web
348f0cf 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.13 to 8.5.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.13...8.5.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Javascript dependency: Bump postcss from 8.5.10 to 8.5.12 in /web Javascript dependency: Bump postcss from 8.5.13 to 8.5.14 in /web May 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/web/postcss-8.5.12 branch from 2467a51 to 348f0cf Compare May 6, 2026 06:52
@asheshv asheshv mentioned this pull request May 20, 2026
Merged
6 tasks
asheshv added a commit that referenced this pull request May 20, 2026
@asheshv
chore: Apply non-breaking dependency updates from open dependabot PRs (
aad2dfd 
…#9954)

Python:
- requirements.txt: google-auth-oauthlib 1.3.1 -> 1.4.0
  (#9929 / #9931), gated so Python 3.9 stays on 1.3.1 (1.4.0
  requires python_version >= 3.10). Mirrors the existing
  boto3 1.42.*/1.43.* split.
- tools/requirements.txt: requests >=2.33.1 -> >=2.34.2 on
  python_version > '3.9' (#9943 / #9944).
- web/regression/requirements.txt: selenium 4.43.0 -> 4.44.0
  (#9946). The selenium pin already requires Python >=3.10 in
  master, so the bump introduces no new 3.9 gap.

JavaScript (web/package.json, web/yarn.lock):
- postcss 8.5.12 -> 8.5.14 (#9874 / #9889)
- @tanstack/react-query 5.100.5 -> 5.100.9 (#9878)
- ip-address 10.1.0 -> 10.1.1 (#9918)
- packageManager pin yarn@4.14.0 -> yarn@4.15.0 and regenerate
  yarn.lock at lockfile __metadata.version 10. CI runs yarn
  4.15.0 with hardened mode on public PRs and refuses to migrate
  the lockfile from version 9 (yarn 4.14.x) to 10; master passes
  today only because hardened mode is PR-only.

Electron runtime (runtime/package.json, runtime/yarn.lock):
- axios 1.16.0 -> 1.16.1 (#9948)
- eslint 10.3.0 -> 10.4.0 (#9947)

Skipped (genuine breaking changes, deferred to follow-up PRs):
- @mui/material 7 -> 9 (#9843)
- @mui/x-date-pickers 8 -> 9 (#9888)
- cryptography 47.0.* -> 48.0.* (#9926 / #9932)
- paramiko 3.5.1 -> 5.0.0 (#9927 / #9930)
- electron 41.5.0 -> 42.1.0 (#9945)

Verified in an isolated worktree:

  - jest:        140/0/0 suites, 824/0/0 tests
  - eslint:      clean (web + runtime, both silent)
  - pycodestyle: 0 violations project-wide

Each version was cross-checked against the corresponding
dependabot PR diff via `gh pr diff`. Each Python bump was
cross-checked against PyPI's requires_python so Python 3.9
support stays intact.
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 20, 2026

Looks like postcss is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this May 20, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/web/postcss-8.5.12 branch May 20, 2026 09:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants