Closed renovate[bot] closed 11 months ago
The latest updates on your projects. Learn more about Vercel for Git βοΈ
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
next-enterprise | β Ready (Inspect) | Visit Preview | π¬ Add feedback | Oct 8, 2023 4:29am |
This analysis was generated by the Next.js Bundle Analysis action. π€
This PR introduced no changes to the JavaScript bundle! π
This PR contains the following updates:
8.4.30
->8.4.31
GitHub Vulnerability Alerts
CVE-2023-44270
An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be
\r
discrepancies, as demonstrated by@font-face{ font:(\r/*);}
in a rule.This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.
Release Notes
postcss/postcss (postcss)
### [`v8.4.31`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8431) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.30...8.4.31) - Fixed `\r` parsing to fix CVE-2023-44270.Configuration
π Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.