An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be `\r` discrepancies, as demonstrated by `@font-face{ font:(\r/*);}` in a rule.
Release Notes
postcss/postcss (postcss)
### [`v8.4.31`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8431)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.30...8.4.31)
- Fixed `\r` parsing to fix CVE-2023-44270.
### [`v8.4.30`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8430)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.29...8.4.30)
- Improved source map performance (by Romain Menke).
### [`v8.4.29`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8429)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.28...8.4.29)
- Fixed `Node#source.offset` (by Ido Rosenthal).
- Fixed docs (by Christian Oliff).
### [`v8.4.28`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8428)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.27...8.4.28)
- Fixed `Root.source.end` for better source map (by Romain Menke).
- Fixed `Result.root` types when `process()` has no parser.
### [`v8.4.27`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8427)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.26...8.4.27)
- Fixed `Container` clone methods types.
### [`v8.4.26`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8426)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.25...8.4.26)
- Fixed clone methods types.
### [`v8.4.25`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8425)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.24...8.4.25)
- Improve stringify performance (by Romain Menke).
- Fixed docs (by [@vikaskaliramna07](https://togithub.com/vikaskaliramna07)).
### [`v8.4.24`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8424)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.23...8.4.24)
- Fixed `Plugin` types.
### [`v8.4.23`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8423)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.22...8.4.23)
- Fixed warnings in TypeDoc.
### [`v8.4.22`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8422)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.21...8.4.22)
- Fixed TypeScript support with `node16` (by Remco Haszing).
### [`v8.4.21`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8421)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.20...8.4.21)
- Fixed `Input#error` types (by Aleks Hudochenkov).
### [`v8.4.20`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8420)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.19...8.4.20)
- Fixed source map generation for childless at-rules like `@layer`.
### [`v8.4.19`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8419)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.18...8.4.19)
- Fixed whitespace preserving after AST transformations (by Romain Menke).
### [`v8.4.18`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8418)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.17...8.4.18)
- Fixed an error on `absolute: true` with empty `sourceContent` (by Rene Haas).
### [`v8.4.17`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8417)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.16...8.4.17)
- Fixed `Node.before()` unexpected behavior (by Romain Menke).
- Added TOC to docs (by Mikhail Dedov).
### [`v8.4.16`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8416)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.15...8.4.16)
- Fixed `Root` AST migration.
### [`v8.4.15`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8415)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.14...8.4.15)
- Fixed AST normalization after using custom parser with old PostCSS AST.
### [`v8.4.14`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8414)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.13...8.4.14)
- Print “old plugin API” warning only if plugin was used (by [@zardoy](https://togithub.com/zardoy)).
### [`v8.4.13`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8413)
[Compare Source](https://togithub.com/postcss/postcss/compare/8.4.12...8.4.13)
- Fixed `append()` error after using `.parent` (by Jordan Pittman).
Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
8.4.12 -> 8.4.31
GitHub Vulnerability Alerts
CVE-2023-44270