search

SocialGouv / code-du-travail-numerique

Code du Travail Numérique
https://code.travail.gouv.fr
Apache License 2.0
104 stars 21 forks source link

chore(deps): update dependency postcss to v8.4.34 [security] #6165

Closed renovate[bot] closed 4 days ago

renovate[bot] commented 4 days ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.33 -> 8.4.34 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Release Notes

postcss/postcss (postcss) ### [`v8.4.34`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8434) [Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.33...8.4.34) - Fixed `AtRule#nodes` type (by Tim Weißenfels). - Cleaned up code (by Dmitry Kirillov).

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.

socket-security[bot] commented 4 days ago

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher

🚮 Removed packages: npm/immer@9.0.21

View full report↗︎