JounQin / react-hackernews

HackerNews clone built with React, ReactRouter & Redux, with full page server-side rendering
https://react-hn.1stg.me
MIT License
57 stars 21 forks

chore(deps): update dependency postcss to v8.2.13 [security] #243

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago


This PR contains the following updates:

| Package | Change |
|---|---|
| postcss (source) | 8.1.9 -> 8.2.13 |

GitHub Vulnerability Alerts

CVE-2021-23368

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

CVE-2021-23382

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\/\*\s* sourceMappingURL=(.*)`.


Release Notes

postcss/postcss

### [`v8.2.13`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8213)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.12...8.2.13)

- Fixed ReDoS vulnerabilities in source map parsing (by Yeting Li).

### [`v8.2.12`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8212)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.11...8.2.12)

- Fixed `package.json` exports.

### [`v8.2.11`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8211)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.10...8.2.11)

- Fixed `DEP0148` warning in Node.js 16.
- Fixed docs (by [@semiromid](https://togithub.com/semiromid)).

### [`v8.2.10`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8210)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.9...8.2.10)

- Fixed ReDoS vulnerabilities in source map parsing.
- Fixed webpack 5 support (by Barak Igal).
- Fixed docs (by Roeland Moors).

### [`v8.2.9`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#829)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.8...8.2.9)

- Exported `NodeErrorOptions` type (by Rouven Weßling).

### [`v8.2.8`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#828)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.7...8.2.8)

- Fixed browser builds in webpack 4 (by Matt Jones).

### [`v8.2.7`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#827)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.6...8.2.7)

- Fixed browser builds in webpack 5 (by Matt Jones).

### [`v8.2.6`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#826)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.5...8.2.6)

- Fixed `Maximum call stack size exceeded` in `Node#toJSON`.
- Fixed docs (by inokawa).

### [`v8.2.5`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#825)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.4...8.2.5)

- Fixed escaped characters handling in `list.split` (by Natalie Weizenbaum).

### [`v8.2.4`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#824)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.3...8.2.4)

- Added plugin name to `postcss.plugin()` warning (by Tom Williams).
- Fixed docs (by Bill Columbia).

### [`v8.2.3`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#823)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.2...8.2.3)

- Fixed `JSON.stringify(Node[])` support (by Niklas Mischkulnig).

### [`v8.2.2`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#822)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.1...8.2.2)

- Fixed CSS-in-JS support (by James Garbutt).
- Fixed plugin types (by Ludovico Fischer).
- Fixed `Result#warn()` types.

### [`v8.2.1`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8215)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.0...8.2.1)

- Fixed `list` type definitions (by [@n19htz](https://togithub.com/n19htz)).

### [`v8.2.0`](https://togithub.com/postcss/postcss/releases/8.2.0)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.1.14...8.2.0)

PostCSS 8.2 added a new API to serialize and deserialize CSS AST to JSON.

```js
import { parse, fromJSON } from 'postcss'

let root = parse('a{}', { from: 'input.css' })
let json = root.toJSON()
// save to file, send by network, etc
let root2 = fromJSON(json)
```

Thanks to [@mischnic](https://togithub.com/mischnic) for [his work](https://togithub.com/postcss/postcss/pull/1484).

### [`v8.1.14`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8114)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.1.13...8.1.14)

- Fixed parser performance regression.

### [`v8.1.13`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8113)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.1.12...8.1.13)

- Fixed broken AST after moving nodes in visitor API.

### [`v8.1.12`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8112)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.1.11...8.1.12)

- Fixed Autoprefixer regression.

### [`v8.1.11`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8111)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.1.10...8.1.11)

- Added PostCSS update suggestion on unknown event in plugin.

### [`v8.1.10`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8110)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.1.9...8.1.10)

- Fixed `LazyResult` type export (by Evan You).
- Fixed `LazyResult` type compatibility with `Promise` (by Anton Kastritskiy).

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by WhiteSource Renovate. View repository job log here.
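Bumping the direct dependency does not remove older copies of postcss that other packages pull in transitively. The following is an added example, not part of Renovate's comment or of this repository: it checks every installed copy in an npm lockfile against the two advisory ranges quoted above. It assumes the lockfile v2/v3 `packages` layout and reads the CVE-2021-23368 range as 7.0.0 up to 7.0.36 and 8.0.0 up to 8.2.10; the function names and the sample lockfile are constructed for illustration.

```javascript
// Ranges transcribed from the CVE descriptions above: [inclusive lower, exclusive upper).
const ADVISORIES = {
  'CVE-2021-23368': [['7.0.0', '7.0.36'], ['8.0.0', '8.2.10']], // 8.0.0 bound is an assumption
  'CVE-2021-23382': [['0.0.0', '7.0.36'], ['8.0.0', '8.2.13']],
};

// Parse "major.minor.patch", ignoring any prerelease/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Return the advisory IDs whose affected range contains this version.
function advisoriesFor(version) {
  return Object.keys(ADVISORIES).filter((id) =>
    ADVISORIES[id].some(([lo, hi]) =>
      compareVersions(version, lo) >= 0 && compareVersions(version, hi) < 0));
}

// Walk the lockfile "packages" map and report every affected copy of postcss,
// including copies nested under other packages' node_modules directories.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path !== 'node_modules/postcss' && !path.endsWith('/node_modules/postcss')) continue;
    const ids = advisoriesFor(entry.version);
    if (ids.length) findings.push({ path, version: entry.version, advisories: ids });
  }
  return findings;
}

// Constructed sample lockfile fragment (not taken from this repository).
const sampleLock = { packages: {
  'node_modules/postcss': { version: '8.2.13' },
  'node_modules/css-loader/node_modules/postcss': { version: '7.0.35' },
  'node_modules/autoprefixer/node_modules/postcss': { version: '8.2.10' },
  'node_modules/postcss-loader': { version: '4.1.0' },
} };
console.log(auditLockfile(sampleLock));
```

In the sample, the top-level 8.2.13 copy is clean, while the nested 7.0.35 and 8.2.10 copies are still reported.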

changeset-bot[bot] commented 2 years ago

⚠️ No Changeset found

Latest commit: d294c3e8b1f18088a5abb72003c47adaef0ab707

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets. When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

vercel[bot] commented 2 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/jounqin/react-hackernews/G2BfiNU6Rzk979Jt1NUib3d9iCok
✅ Preview: https://react-hackernews-git-renovate-npm-postcss-vulnerability-jounqin.vercel.app