Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency postcss to v8.4.31 [security] #582

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update dependency postcss to v8.4.31 [security] #582

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 8, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.27 -> 8.4.31 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Release Notes

postcss/postcss (postcss)

v8.4.31

Compare Source

v8.4.30

Compare Source

  • Improved source map performance (by Romain Menke).

v8.4.29

Compare Source

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

v8.4.28

Compare Source

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the 📦 package label Oct 8, 2023
@changeset-bot
Copy link

changeset-bot bot commented Oct 8, 2023
edited
Loading

⚠️ No Changeset found

Latest commit: 367bda6

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Oct 8, 2023
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
chirpy ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 30, 2024 6:19am

@cypress
Copy link

cypress bot commented Oct 8, 2023

4 failed tests on run #2039 ↗︎

4 2 0 1 Flakiness 0

Details:

chore(deps): update dependency postcss to v8.4.31 [security]
Project: chirpy Commit: bb72d9d327
Status: Failed Duration: 02:40 💡
Started: Oct 8, 2023 2:04 AM Ended: Oct 8, 2023 2:07 AM
Failed  home/header.spec.ts • 2 failed tests • Cypress Actions

View Output Video

Test Artifacts
Header > should show navigation links Output Screenshots Video
Header > should show user menu Output Screenshots Video
Failed  dashboard/project.spec.ts • 1 failed test • Cypress Actions

View Output Video

Test Artifacts
Project > should show integration doc Output Screenshots Video
Failed  home/index.spec.ts • 1 failed test • Cypress Actions

View Output Video

Test Artifacts
Index > main call to actions Output Screenshots Video

Review all test suite changes for PR #582 ↗︎

@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from bb72d9d to fab520f Compare November 15, 2023 03:14
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from fab520f to 9be4b33 Compare December 2, 2023 10:37
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 9be4b33 to c70d2af Compare January 26, 2024 06:30
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from c70d2af to ebea01b Compare March 4, 2024 06:32
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from ebea01b to beeac2f Compare April 1, 2024 01:26
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from beeac2f to 21117f3 Compare April 1, 2024 01:51
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 21117f3 to 80af257 Compare April 16, 2024 13:47
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 80af257 to 2eb7b3a Compare April 24, 2024 01:45
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 2eb7b3a to bc6fc5a Compare October 15, 2024 12:41
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from bc6fc5a to 39e9330 Compare October 20, 2024 04:40
@renovate renovate bot force-pushed the renovate/npm-postcss-vulnerability branch from 39e9330 to 367bda6 Compare October 30, 2024 06:11
@renovate renovate bot changed the title chore(deps): update dependency postcss to v8.4.31 [security] fix(deps): update dependency postcss to v8.4.31 [security] Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
📦 package
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants