[Snyk] Upgrade postcss from 8.4.16 to 8.4.20 #25

snyk-bot · 2023-01-03T22:05:50Z

Snyk has created this PR to upgrade postcss from 8.4.16 to 8.4.20.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 4 versions ahead of your current version.
The recommended version was released 23 days ago, on 2022-12-11.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	456/1000 Why? Recently disclosed, CVSS 7.7	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	456/1000 Why? Recently disclosed, CVSS 7.7	Proof of Concept
Server-side Request Forgery (SSRF) SNYK-JS-UNDICI-2980286	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit
CRLF Injection SNYK-JS-UNDICI-2980276	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit
CRLF Injection SNYK-JS-UNDICI-2953389	456/1000 Why? Recently disclosed, CVSS 7.7	Proof of Concept
Improper Certificate Validation SNYK-JS-UNDICI-2928996	456/1000 Why? Recently disclosed, CVSS 7.7	Proof of Concept
Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit
Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	456/1000 Why? Recently disclosed, CVSS 7.7	Proof of Concept
Open Redirect SNYK-JS-GOT-2932019	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit
Information Exposure SNYK-JS-UNDICI-2957529	456/1000 Why? Recently disclosed, CVSS 7.7	Proof of Concept
Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	456/1000 Why? Recently disclosed, CVSS 7.7	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: postcss

8.4.20 - 2022-12-11
- Fixed source map generation for childless at-rules like @ layer.
8.4.19 - 2022-11-10
- Fixed whitespace preserving after AST transformations (by @ romainmenke).
8.4.18 - 2022-10-12
- Fixed an error on absolute: true with empty sourceContent (by @ KingSora).
8.4.17 - 2022-09-30
- Fixed Node.before() unexpected behavior (by @ romainmenke).
- Added TOC to docs (by @ muddv).
8.4.16 - 2022-08-06
- Fixed Root AST migration.

from postcss GitHub release notes

Commit messages

Package name: postcss

1d4c509 Release 8.4.20 version
905082a Add Node.js 10 to CI
20122e5 Fix childless at-rule map generation
ff7e8ce Merge pull request #1801 from romainmenke/invalid-sourcemap-with-at-layer--practical-grey-mouse-lemur-3c469975f4
d585976 Fix CI
744b15f Update dependencies
db935f1 invalid sourcemap with at layer
3cac84a Fix type tests
5113edb Update dependencies
c26baf3 Release 8.4.19 version
ed5103d Update dependencies
8086ea3 Merge pull request #1790 from romainmenke/fix-whitespace-bug--passionate-african-bush-elephant-9ae98c1a5a
4b38845 fix whitespace bug
cf9425a Merge pull request #1789 from eduardopilati/patch-1
ca04e0a Update plugins.md
fe63768 Update dependencies
3b6ba56 Add Node.js 19
d33f272 Release 8.4.18 version
75d6556 Update dependencies
a11d868 Merge pull request #1788 from KingSora/main
a1c0b8b delete package.lock
28be739 add toFileUrl function
edfd3e0 improvement
3d0d204 improve test