DaftDoris / newsdesk

https://newsdesk.daftdoris.com
MIT License
2 stars 1 forks source link

Update dependency postcss to v8.4.31 [SECURITY] #764

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.21 -> 8.4.31 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.


Release Notes

postcss/postcss (postcss) ### [`v8.4.31`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8431) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.30...8.4.31) - Fixed `\r` parsing to fix CVE-2023-44270. ### [`v8.4.30`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8430) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.29...8.4.30) - Improved source map performance (by Romain Menke). ### [`v8.4.29`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8429) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.28...8.4.29) - Fixed `Node#source.offset` (by Ido Rosenthal). - Fixed docs (by Christian Oliff). ### [`v8.4.28`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8428) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.27...8.4.28) - Fixed `Root.source.end` for better source map (by Romain Menke). - Fixed `Result.root` types when `process()` has no parser. ### [`v8.4.27`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8427) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.26...8.4.27) - Fixed `Container` clone methods types. ### [`v8.4.26`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8426) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.25...8.4.26) - Fixed clone methods types. ### [`v8.4.25`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8425) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.24...8.4.25) - Improve stringify performance (by Romain Menke). - Fixed docs (by [@​vikaskaliramna07](https://redirect.github.com/vikaskaliramna07)). ### [`v8.4.24`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8424) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.23...8.4.24) - Fixed `Plugin` types. ### [`v8.4.23`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8423) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.22...8.4.23) - Fixed warnings in TypeDoc. ### [`v8.4.22`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8422) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.21...8.4.22) - Fixed TypeScript support with `node16` (by Remco Haszing).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



Automerge: Enabled

cloudflare-workers-and-pages[bot] commented 1 year ago

Deploying with  Cloudflare Pages  Cloudflare Pages

Latest commit: 0a12570
Status: ✅  Deploy successful!
Preview URL: https://ec235b23.newsdesk.pages.dev
Branch Preview URL: https://renovate-npm-postcss-vulnera.newsdesk.pages.dev

View logs

sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication