[Security] Bump postcss from 8.4.27 to 8.4.31 in /frontend
Bumps postcss from 8.4.27 to 8.4.31. This update includes a security fix.
Vulnerabilities fixed
PostCSS line return parsing error An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be
\r
discrepancies, as demonstrated by@font-face{ font:(\r/*);}
in a rule.Patched versions: 8.4.31 Affected versions: < 8.4.31
Release notes
Sourced from postcss's releases.
8.4.31
- Fixed
\r
parsing to fix CVE-2023-44270.8.4.30
- Improved source map performance (by
@romainmenke
).8.4.29
8.4.28
- Fixed
Root.source.end
for better source map (by@romainmenke
).- Fixed
Result.root
types whenprocess()
has no parser.
Changelog
Sourced from postcss's changelog.
8.4.31
- Fixed
\r
parsing to fix CVE-2023-44270.8.4.30
- Improved source map performance (by Romain Menke).
8.4.29
- Fixed
Node#source.offset
(by Ido Rosenthal).- Fixed docs (by Christian Oliff).
8.4.28
- Fixed
Root.source.end
for better source map (by Romain Menke).- Fixed
Result.root
types whenprocess()
has no parser.
Commits
-
90208de
Release 8.4.31 version -
58cc860
Fix carrier return parsing -
4fff8e4
Improve pnpm test output -
cd43ed1
Update dependencies -
caa916b
Update dependencies -
8972f76
Typo -
11a5286
Typo -
45c5501
Release 8.4.30 version -
bc3c341
Update linter -
b2be58a
Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil... - Additional commits viewable in compare view
Dependabot commands
You can trigger Dependabot actions by commenting on this MR
-
$dependabot rebase
will rebase this MR -
$dependabot recreate
will recreate this MR rewriting all the manual changes and resolving conflicts