[Security] Bump postcss from 8.4.19 to 8.4.31
Bumps postcss from 8.4.19 to 8.4.31. This update includes a security fix.
Vulnerabilities fixed
PostCSS line return parsing error An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be
\r
discrepancies, as demonstrated by@font-face{ font:(\r/*);}
in a rule.Patched versions: 8.4.31 Affected versions: < 8.4.31
Release notes
Sourced from postcss's releases.
8.4.31
- Fixed
\r
parsing to fix CVE-2023-44270.8.4.30
- Improved source map performance (by
@romainmenke
).8.4.29
8.4.28
- Fixed
Root.source.end
for better source map (by@romainmenke
).- Fixed
Result.root
types whenprocess()
has no parser.8.4.27
- Fixed
Container
clone methods types.8.4.26
- Fixed clone methods types.
8.4.25
- Improve stringify performance (by
@romainmenke
).- Fixed docs (by
@vikaskaliramna07
).8.4.24
- Fixed
Plugin
types.8.4.23
- Fixed warnings in TypeDoc.
8.4.22
- Fixed TypeScript support with
node16
(by@remcohaszing
).8.4.21
- Fixed
Input#error
types (by@hudochenkov
).8.4.20
- Fixed source map generation for childless at-rules like
@layer
.
Changelog
Sourced from postcss's changelog.
8.4.31
- Fixed
\r
parsing to fix CVE-2023-44270.8.4.30
- Improved source map performance (by Romain Menke).
8.4.29
- Fixed
Node#source.offset
(by Ido Rosenthal).- Fixed docs (by Christian Oliff).
8.4.28
- Fixed
Root.source.end
for better source map (by Romain Menke).- Fixed
Result.root
types whenprocess()
has no parser.8.4.27
- Fixed
Container
clone methods types.8.4.26
- Fixed clone methods types.
8.4.25
- Improve stringify performance (by Romain Menke).
- Fixed docs (by
@vikaskaliramna07
).8.4.24
- Fixed
Plugin
types.8.4.23
- Fixed warnings in TypeDoc.
8.4.22
- Fixed TypeScript support with
node16
(by Remco Haszing).8.4.21
- Fixed
Input#error
types (by Aleks Hudochenkov).8.4.20
- Fixed source map generation for childless at-rules like
@layer
.
Commits
-
90208de
Release 8.4.31 version -
58cc860
Fix carrier return parsing -
4fff8e4
Improve pnpm test output -
cd43ed1
Update dependencies -
caa916b
Update dependencies -
8972f76
Typo -
11a5286
Typo -
45c5501
Release 8.4.30 version -
bc3c341
Update linter -
b2be58a
Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil... - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts