search

UDA-EJIE / udaRUP

RUP components repository
Other
13 stars 10 forks source link

Bump postcss, postcss, autoprefixer, sanitize-html and precss #236

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps postcss to 8.4.17 and updates ancestor dependencies postcss, postcss, autoprefixer, sanitize-html and precss. These dependencies need to be updated together.

Updates postcss from 7.0.23 to 8.4.17

Release notes

Sourced from postcss's releases.

8.4.17

8.4.16

  • Fixed Root AST migration.

8.4.15

  • Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

  • Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

8.4.12

  • Fixed package.funding to have same value between all PostCSS packages.

8.4.11

  • Fixed Declaration#raws.value type.

8.4.10

  • Fixed package.funding URL format.

8.4.9

8.4.8

  • Fixed end position in empty Custom Properties.

8.4.7

  • Fixed Node#warn() type (by @​ybiquitous).
  • Fixed comment removal in values after ,.

8.4.6

  • Prevented comment removing when it change meaning of CSS.
  • Fixed parsing space in last semicolon-less CSS Custom Properties.
  • Fixed comment cleaning in CSS Custom Properties with space.
  • Fixed throwing an error on .root access for plugin-less case.

8.4.5

  • Fixed raws types to make object extendable (by @​43081j).
  • Moved from Yarn 1 to pnpm.

8.4.4

  • Fixed absolute path in source map on zero plugins mode.

8.4.3

  • Fixed this.css.replace is not a function error.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.17

  • Fixed Node.before() unexpected behavior (by Romain Menke).
  • Added TOC to docs (by Mikhail Dedov).

8.4.16

  • Fixed Root AST migration.

8.4.15

  • Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

  • Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

  • Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

  • Fixed package.funding to have same value between all PostCSS packages.

8.4.11

  • Fixed Declaration#raws.value type.

8.4.10

  • Fixed package.funding URL format.

8.4.9

  • Fixed package.funding (by Álvaro Mondéjar).

8.4.8

  • Fixed end position in empty Custom Properties.

8.4.7

  • Fixed Node#warn() type (by Masafumi Koba).
  • Fixed comment removal in values after ,.

8.4.6

  • Prevented comment removing when it change meaning of CSS.
  • Fixed parsing space in last semicolon-less CSS Custom Properties.
  • Fixed comment cleaning in CSS Custom Properties with space.
  • Fixed throwing an error on .root access for plugin-less case.

8.4.5

  • Fixed raws types to make object extendable (by James Garbutt).
  • Moved from Yarn 1 to pnpm.

8.4.4

  • Fixed absolute path in source map on zero plugins mode.

8.4.3

  • Fixed this.css.replace is not a function error.

... (truncated)

Commits
  • 34c0de4 Release 8.4.17 version
  • 9454dcc Merge pull request #1781 from romainmenke/fix-issue-1778--practical-snowy-owl...
  • 7278432 recalculate the insertion index after normalizing a node
  • e1538a4 Merge pull request #1780 from romainmenke/add-test-for-sorting-nodes--courage...
  • 24c1432 add test for sorting container.nodes
  • c047e0a Fix index
  • b163f07 Clean up CI
  • a002d8e Update docs
  • cedc6a5 Merge pull request #1779 from muddv/docs-index
  • 967d584 Update docs/writing-a-plugin.md
  • Additional commits viewable in compare view


Updates postcss from 7.0.16 to 8.4.17

Release notes

Sourced from postcss's releases.

8.4.17

8.4.16

  • Fixed Root AST migration.

8.4.15

  • Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

  • Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

8.4.12

  • Fixed package.funding to have same value between all PostCSS packages.

8.4.11

  • Fixed Declaration#raws.value type.

8.4.10

  • Fixed package.funding URL format.

8.4.9

8.4.8

  • Fixed end position in empty Custom Properties.

8.4.7

  • Fixed Node#warn() type (by @​ybiquitous).
  • Fixed comment removal in values after ,.

8.4.6

  • Prevented comment removing when it change meaning of CSS.
  • Fixed parsing space in last semicolon-less CSS Custom Properties.
  • Fixed comment cleaning in CSS Custom Properties with space.
  • Fixed throwing an error on .root access for plugin-less case.

8.4.5

  • Fixed raws types to make object extendable (by @​43081j).
  • Moved from Yarn 1 to pnpm.

8.4.4

  • Fixed absolute path in source map on zero plugins mode.

8.4.3

  • Fixed this.css.replace is not a function error.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.17

  • Fixed Node.before() unexpected behavior (by Romain Menke).
  • Added TOC to docs (by Mikhail Dedov).

8.4.16

  • Fixed Root AST migration.

8.4.15

  • Fixed AST normalization after using custom parser with old PostCSS AST.

8.4.14

  • Print “old plugin API” warning only if plugin was used (by @​zardoy).

8.4.13

  • Fixed append() error after using .parent (by Jordan Pittman).

8.4.12

  • Fixed package.funding to have same value between all PostCSS packages.

8.4.11

  • Fixed Declaration#raws.value type.

8.4.10

  • Fixed package.funding URL format.

8.4.9

  • Fixed package.funding (by Álvaro Mondéjar).

8.4.8

  • Fixed end position in empty Custom Properties.

8.4.7

  • Fixed Node#warn() type (by Masafumi Koba).
  • Fixed comment removal in values after ,.

8.4.6

  • Prevented comment removing when it change meaning of CSS.
  • Fixed parsing space in last semicolon-less CSS Custom Properties.
  • Fixed comment cleaning in CSS Custom Properties with space.
  • Fixed throwing an error on .root access for plugin-less case.

8.4.5

  • Fixed raws types to make object extendable (by James Garbutt).
  • Moved from Yarn 1 to pnpm.

8.4.4

  • Fixed absolute path in source map on zero plugins mode.

8.4.3

  • Fixed this.css.replace is not a function error.

... (truncated)

Commits
  • 34c0de4 Release 8.4.17 version
  • 9454dcc Merge pull request #1781 from romainmenke/fix-issue-1778--practical-snowy-owl...
  • 7278432 recalculate the insertion index after normalizing a node
  • e1538a4 Merge pull request #1780 from romainmenke/add-test-for-sorting-nodes--courage...
  • 24c1432 add test for sorting container.nodes
  • c047e0a Fix index
  • b163f07 Clean up CI
  • a002d8e Update docs
  • cedc6a5 Merge pull request #1779 from muddv/docs-index
  • 967d584 Update docs/writing-a-plugin.md
  • Additional commits viewable in compare view


Updates autoprefixer from 7.2.6 to 10.4.12

Release notes

Sourced from autoprefixer's releases.

10.4.12

  • Fixed support of unit-less zero angle in backgrounds (by @​yisibl).

10.4.11

  • Fixed text-decoration prefixes by moving to MDN data (by @​romainmenke).

10.4.10

  • Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

  • Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

  • Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

  • Fixed print-color-adjust support in Firefox.

10.4.6

  • Fixed print-color-adjust support.

10.4.5

10.4.4

  • Fixed package.funding to have same value between all PostCSS packages.

10.4.3

10.4.2

  • Fixed missed -webkit- prefix for width: stretch.

10.4.1

10.4 “ǃke e꞉ ǀxarra ǁke”

In Autoprefixer 10.4 @​lukewarlow added :autofill support:

input:-webkit-autofill {
  background-color: red;
}

input:autofill {
background-color: red;
}

... (truncated)

Changelog

Sourced from autoprefixer's changelog.

10.4.12

  • Fixed support of unit-less zero angle in backgrounds (by 一丝).

10.4.11

  • Fixed text-decoration prefixes by moving to MDN data (by Romain Menke).

10.4.10

  • Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

  • Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

  • Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

  • Fixed print-color-adjust support in Firefox.

10.4.6

  • Fixed print-color-adjust support.

10.4.5

10.4.4

  • Fixed package.funding to have same value between all PostCSS packages.

10.4.3

  • Fixed package.funding (by Álvaro Mondéjar).

10.4.2

  • Fixed missed -webkit- prefix for width: stretch.

10.4.1

  • Fixed ::file-selector-button data (by Luke Warlow).

10.4 “ǃke e꞉ ǀxarra ǁke”

  • Added :autofill support (by Luke Warlow).

10.3.7

  • Replaced nanocolors to picocolors.

10.3.6

  • Updated nanocolors.
  • Reduced package size.

10.3.5

  • Replaced colorette to nanocolors.

10.3.4

... (truncated)

Commits


Updates sanitize-html from 1.16.3 to 1.27.5

Changelog

Sourced from sanitize-html's changelog.

1.27.5 (2020-09-23):

  • Updates README to include ES modules syntax.

1.27.4 (2020-08-26):

  • Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.

1.27.3 (2020-08-12):

  • Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.

1.27.2 (2020-07-29):

  • Fixes CHANGELOG links. Thanks to Alex Mayer for the contribution.
  • Replaces srcset with parse-srcset. Thanks to Massimiliano Mirra for the contribution.

1.27.1 (2020-07-15):

  • Removes the unused chalk dependency.
  • Adds configuration for a Github stale bot.
  • Replace xtend package with native Object.assign.

1.27.0:

  • Adds the allowedIframeDomains option. This works similar to allowedIframeHostnames, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframe src attributes. Thanks to Stanislav Kravchenko for the contribution.

1.26.0:

  • Adds the option element to the default nonTextTagsArray of tags with contents that aren't meant to be displayed visually as text. This can be overridden with the nonTextTags option.

1.25.0:

  • Adds enforceHtmlBoundary option to process code bounded by the html tag, discarding any code outside of those tags.
  • Migrates to the main lodash package from the per method packages since they are deprecated and cause code duplication. Thanks to Merceyz for the contribution.
  • Adds a warning when style and script tags are allowed, as they are inherently vulnerable to being used in XSS attacks. That warning can be disabled by including the option allowVulnerableTags: true so this choice is knowing and explicit.

1.24.0:

  • Fixes a bug where self-closing tags resulted in deletion with disallowedTagsMode: 'escape' set. Thanks to Thiago Negri for the contribution.
  • Adds abbr to the default allowedTags for better accessibility support. Thanks to Will Farrell for the contribution.
  • Adds a mediaChildren property to the frame object in custom filters. This allows you to check for links or other parent tags that contain self-contained media to prevent collapse, regardless of whether there is also text inside. Thanks to axdg for the initial implementation and Marco Arduini for a failing test contribution.

1.23.0:

  • Adds eslint configuration and adds eslint to test script.
  • Sets sideEffects: false on package.json to allow module bundlers like webpack tree-shake this module and all the dependencies from client build. Thanks to Egor Voronov for the contribution.
  • Adds the tagName (HTML element name) as a second parameter passed to textFilter. Thanks to Slava for the contribution.

1.22.1:

ncreases the patch version of lodash.mergewith to enforce an audit fix.

1.22.0:

bumped htmlparser2 dependency to the 4.x series. This fixes longstanding bugs and should cause no bc breaks for this module, since the only bc breaks upstream are in regard to features we don't expose in this module.

1.21.1:

fixed issue with bad main setting in package.json that broke 1.21.0.

1.21.0:

new disallowedTagsMode option can be set to escape to escape disallowed tags rather than discarding them. Any subtags are handled as usual. If you want to recursively escape them too, you can set disallowedTagsMode to recursiveEscape. Thanks to Yehonatan Zecharia for this contribution.

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by alexbea, a new releaser for sanitize-html since your current version.


Updates precss from 2.0.0 to 4.0.0

Changelog

Sourced from precss's changelog.

4.0.0 (November 23, 2018)

  • Updated: postcss to 7.0.6 (major)
  • Updated: postcss-advanced-variables to 3.0.0 (major)
  • Updated: postcss-extend-rule to 2.0.0 (major)
  • Updated: postcss-nested to 4.1.0 (major)
  • Updated: postcss-preset-env to 6.4.0 (major)

3.1.2 (February 27, 2018)

  • Updated: postcss-advanced-variables to 2.3.3 (patch)
  • Updated: postcss-preset-env to 3.2.2 (patch)

3.1.1 (February 21, 2018)

  • Updated: Dependencies to latest working release (no major bumps)

3.1.0 (Janaury 22, 2018)

  • Updated: PostCSS Preset Env 2.1 (major)

3.0.0 (Janaury 16, 2018)

  • Changed: Using PostCSS Advanced Variables instead of the following;
    • PostCSS Import
    • PostCSS Mixins
  • Changed: Using PostCSS Preset Env instead of the following;
    • PostCSS Color Function
    • PostCSS Custom Media
    • PostCSS Custom Properties
    • PostCSS Custom Selectors
    • PostCSS Media MinMax
    • PostCSS Nesting
    • PostCSS Selector Matches
    • PostCSS Selector Not
  • Changed: Using PostCSS Extend Rule instead of PostCSS Extend
  • Updated: PostCSS Advanced Variables 2.3 (major)
  • Updated: PostCSS Property Lookup 2.0 (major)
  • Updated: PostCSS Nested 3.0 (major)
Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/UDA-EJIE/udaRUP/network/alerts).
sonarcloud[bot] commented 1 year ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

xaabi6 commented 1 year ago

@dependabot rebase

dependabot[bot] commented 1 year ago

Looks like these dependencies are no longer a dependency, so this is no longer needed.