chore(deps): update dependency postcss to v8.4.31 [security] #33
No reviewers
Labels
No Label
Hacktoberfest
PR: draft
PR: merged
PR: partially-approved
PR: reviewed-approved
PR: reviewed-changes-requested
PR: unreviewed
bug
dependencies
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
wontfix
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: sphericalkat/katbin#33
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "renovate/npm-postcss-vulnerability"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
8.4.24
->8.4.31
GitHub Vulnerability Alerts
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be
\r
discrepancies, as demonstrated by@font-face{ font:(\r/*);}
in a rule.This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
Release Notes
postcss/postcss (postcss)
v8.4.31
Compare Source
\r
parsing to fix CVE-2023-44270.v8.4.30
Compare Source
v8.4.29
Compare Source
Node#source.offset
(by Ido Rosenthal).v8.4.28
Compare Source
Root.source.end
for better source map (by Romain Menke).Result.root
types whenprocess()
has no parser.v8.4.27
Compare Source
Container
clone methods types.v8.4.26
Compare Source
v8.4.25
Compare Source
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
Checkout
From your project repository, check out a new branch and test the changes.