Closed dependabot[bot] closed 9 months ago
@dependabot merge
On Fri, Oct 6, 2023 at 10:31 PM dependabot[bot] @.***> wrote:
This automated pull request fixes a security vulnerability https://github.com/Kevin-Kwan/portfolio-next/security/dependabot/2 (moderate severity).
Learn more about Dependabot security updates https://docs.github.com/github/managing-security-vulnerabilities/configuring-dependabot-security-updates.
Bumps postcss https://github.com/postcss/postcss from 8.4.28 to 8.4.31.
Release notes
Sourced from postcss's releases https://github.com/postcss/postcss/releases.
8.4.31
- Fixed \r parsing to fix CVE-2023-44270 https://github.com/advisories/GHSA-7fh5-64p2-3v2j.
8.4.30
- Improved source map performance (by @romainmenke https://github.com/romainmenke).
8.4.29
- Fixed Node#source.offset (by @idoros https://github.com/idoros).
- Fixed docs (by @coliff https://github.com/coliff).
Changelog
Sourced from postcss's changelog https://github.com/postcss/postcss/blob/main/CHANGELOG.md.
8.4.31
- Fixed \r parsing to fix CVE-2023-44270 https://github.com/advisories/GHSA-7fh5-64p2-3v2j.
8.4.30
- Improved source map performance (by Romain Menke).
8.4.29
- Fixed Node#source.offset (by Ido Rosenthal).
- Fixed docs (by Christian Oliff).
Commits
- 90208de https://github.com/postcss/postcss/commit/90208de8805dd762596c0028b8637ffbed23e371 Release 8.4.31 version
- 58cc860 https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5 Fix carrier return parsing
- 4fff8e4 https://github.com/postcss/postcss/commit/4fff8e4cdc237619df1d73a444c0a8329701c1e2 Improve pnpm test output
- cd43ed1 https://github.com/postcss/postcss/commit/cd43ed123274a92ebc13a1e8cccf1d65b8198f84 Update dependencies
- caa916b https://github.com/postcss/postcss/commit/caa916bdcbf66c51321574e2dde112ab13e8b306 Update dependencies
- 8972f76 https://github.com/postcss/postcss/commit/8972f76923e921a3c9655822382039b31b1c8e1a Typo
- 11a5286 https://github.com/postcss/postcss/commit/11a5286f781d2a637f2c545c5e9cd661055acaab Typo
- 45c5501 https://github.com/postcss/postcss/commit/45c55017776fc61f7815d1ea8e92d5291ca5d6c8 Release 8.4.30 version
- bc3c341 https://github.com/postcss/postcss/commit/bc3c341f589f9c15f1b56838a33d908374e537e0 Update linter
- b2be58a https://github.com/postcss/postcss/commit/b2be58a2eb788d12474ee1335f8ecdb9fa6225aa Merge pull request #1881 https://redirect.github.com/postcss/postcss/issues/1881 from romainmenke/improve-sourcemap-performance--phil...
- Additional commits viewable in compare view https://github.com/postcss/postcss/compare/8.4.28...8.4.31
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page https://github.com/Kevin-Kwan/portfolio-next/network/alerts.
You can view, comment on, or merge this pull request online at:
https://github.com/Kevin-Kwan/portfolio-next/pull/1
Commit Summary
- 1c679b5 https://github.com/Kevin-Kwan/portfolio-next/pull/1/commits/1c679b5abc308d6e67b4800d735ad84a54306977 Bump postcss from 8.4.28 to 8.4.31
File Changes
(2 files https://github.com/Kevin-Kwan/portfolio-next/pull/1/files)
- M package-lock.json https://github.com/Kevin-Kwan/portfolio-next/pull/1/files#diff-053150b640a7ce75eff69d1a22cae7f0f94ad64ce9a855db544dda0929316519 (14)
- M package.json https://github.com/Kevin-Kwan/portfolio-next/pull/1/files#diff-7ae45ad102eab3b6d7e7896acd08c427a9b25b346470d7bc6507b6481575d519 (2)
Patch Links:
- https://github.com/Kevin-Kwan/portfolio-next/pull/1.patch
- https://github.com/Kevin-Kwan/portfolio-next/pull/1.diff
Bumps postcss from 8.4.28 to 8.4.31.
Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
- 90208de Release 8.4.31 version
- 58cc860 Fix carrier return parsing
- 4fff8e4 Improve pnpm test output
- cd43ed1 Update dependencies
- caa916b Update dependencies
- 8972f76 Typo
- 11a5286 Typo
- 45c5501 Release 8.4.30 version
- bc3c341 Update linter
- b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show