search

aneillans / postybirb-plus

Remake of PostyBirb using React and NestJS
BSD 3-Clause "New" or "Revised" License
1 stars 0 forks source link

Bump postcss, react-scripts, sanitize-html, autoprefixer, postcss-cli and tailwindcss in /ui #66

Closed dependabot[bot] closed 11 months ago

dependabot[bot] commented 12 months ago

Bumps postcss to 8.4.31 and updates ancestor dependencies postcss, react-scripts, sanitize-html, autoprefixer, postcss-cli and tailwindcss. These dependencies need to be updated together.

Updates postcss from 6.0.23 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.

8.4.30

8.4.29

8.4.28

  • Fixed Root.source.end for better source map (by @​romainmenke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

8.4.21

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

  • Fixed \r parsing to fix CVE-2023-44270.

8.4.30

  • Improved source map performance (by Romain Menke).

8.4.29

  • Fixed Node#source.offset (by Ido Rosenthal).
  • Fixed docs (by Christian Oliff).

8.4.28

  • Fixed Root.source.end for better source map (by Romain Menke).
  • Fixed Result.root types when process() has no parser.

8.4.27

  • Fixed Container clone methods types.

8.4.26

  • Fixed clone methods types.

8.4.25

8.4.24

  • Fixed Plugin types.

8.4.23

  • Fixed warnings in TypeDoc.

8.4.22

  • Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

  • Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

  • Fixed source map generation for childless at-rules like @layer.

8.4.19

  • Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

  • Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

  • Fixed Node.before() unexpected behavior (by Romain Menke).
  • Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits


Updates react-scripts from 3.2.0 to 5.0.1

Changelog

Sourced from react-scripts's changelog.

3.4.4 (2020-10-20)

v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.3 to 3.4.4

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.4

or

yarn add --exact react-scripts@3.4.4

3.4.3 (2020-08-12)

v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.2 to 3.4.3

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.3

or

yarn add --exact react-scripts@3.4.3

3.4.2 (2020-08-11)

v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.

Migrating from 3.4.1 to 3.4.2

Inside any created project that has not been ejected, run:

npm install --save --save-exact react-scripts@3.4.2

or

... (truncated)

Commits


Updates sanitize-html from 1.27.5 to 2.11.0

Changelog

Sourced from sanitize-html's changelog.

2.11.0 (2023-06-21)

  • Fix to allow false in allowedClasses attributes. Thanks to Kevin Jiang for this fix!
  • Upgrade mocha version
  • Apply small linter fixes in tests
  • Add .idea temp files to .gitignore
  • Thanks to Vitalii Shpital for the updates!
  • Show parseStyleAttributes warning in browser only. Thanks to mog422 for this update!
  • Remove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. Thanks to Dylan Armstrong for this update!

2.10.0 (2023-02-17)

  • Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when disallowedTagMode is set to any variant of escape -- just escape the disallowed tags that are present. This fixes [issue #464](apostrophecms/sanitize-html#464). Thanks to Daniel Liebner
  • Add tagAllowed() helper function which takes a tag name and checks it against options.allowedTags and returns true if the tag is allowed and false if it is not.

2.9.0 (2023-01-27)

2.8.1 (2022-12-21)

  • If the argument is a number, convert it to a string, for backwards compatibility. Thanks to Alexander Schranz.

2.8.0 (2022-12-12)

  • Upgrades htmlparser2 to new major version ^8.0.0. Thanks to Kedar Chandrayan for this contribution.

2.7.3 (2022-10-24)

  • If allowedTags is falsy but not exactly false, then do not assume that all tags are allowed. Rather, allow no tags in this case, to be on the safe side. This matches the existing documentation and fixes [issue #176](apostrophecms/sanitize-html#176). Thanks to Kedar Chandrayan for the fix.

2.7.2 (2022-09-15)

  • Closing tags must agree with opening tags. This fixes [issue #549](apostrophecms/sanitize-html#549), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to Kedar Chandrayan for the report and the fix.

2.7.1 (2022-07-20)

  • Protocol-relative URLs are properly supported for script tags. Thanks to paweljq.
  • A denial-of-service vulnerability has been fixed by replacing global regular expression replacement logic for comment removal with a new implementation. Thanks to Nariyoshi Chida of NTT Security Japan for pointing out the issue.

2.7.0 (2022-02-04)

  • Allows a more sensible set of default attributes on <img /> tags. Thanks to Zade Viggers.

2.6.1 (2021-12-08)

... (truncated)

Commits


Updates autoprefixer from 9.8.6 to 10.4.16

Release notes

Sourced from autoprefixer's releases.

10.4.16

10.4.15

10.4.14

  • Improved startup time and reduced JS bundle size (by @​Knagis).

10.4.13

  • Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

  • Fixed support of unit-less zero angle in backgrounds (by @​yisibl).

10.4.11

  • Fixed text-decoration prefixes by moving to MDN data (by @​romainmenke).

10.4.10

  • Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

  • Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

  • Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

  • Fixed print-color-adjust support in Firefox.

10.4.6

  • Fixed print-color-adjust support.

10.4.5

10.4.4

  • Fixed package.funding to have same value between all PostCSS packages.

10.4.3

10.4.2

  • Fixed missed -webkit- prefix for width: stretch.

10.4.1

... (truncated)

Changelog

Sourced from autoprefixer's changelog.

10.4.16

  • Improved performance (by Romain Menke).
  • Fixed docs (by Christian Oliff).

10.4.15

  • Fixed ::backdrop prefixes (by 一丝).
  • Fixed docs (by Christian Oliff).

10.4.14

  • Improved startup time and reduced JS bundle size (by Kārlis Gaņģis).

10.4.13

  • Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

  • Fixed support of unit-less zero angle in backgrounds (by 一丝).

10.4.11

  • Fixed text-decoration prefixes by moving to MDN data (by Romain Menke).

10.4.10

  • Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

  • Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

  • Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

  • Fixed print-color-adjust support in Firefox.

10.4.6

  • Fixed print-color-adjust support.

10.4.5

10.4.4

  • Fixed package.funding to have same value between all PostCSS packages.

10.4.3

  • Fixed package.funding (by Álvaro Mondéjar).

10.4.2

  • Fixed missed -webkit- prefix for width: stretch.

10.4.1

  • Fixed ::file-selector-button data (by Luke Warlow).

... (truncated)

Commits


Updates postcss-cli from 6.1.3 to 10.1.0

Release notes

Sourced from postcss-cli's releases.

8.0.0 / 2020-09-21

  • BREAKING: Support postcss v8 (#344, #349)
  • BREAKING: postcss is now a peerDependency, you must install it seperately (#344, #349)
  • Upgrade dependencies (#340)

7.0.0 / 2020-01-07

Changelog

Sourced from postcss-cli's changelog.

10.1.0 / 2022-11-29

  • Allow running --watch mode in non-TTY contexts, like Docker (#448)
  • Update dependencies

10.0.0 / 2022-06-29

  • BREAKING: Drop Node 12 support (#438)
  • Add support for ESM config files (#437)

9.1.0 / 2021-12-10

  • Don't write to files if they're unchanged (#320, #417)

9.0.2 / 2021-11-04

  • Switch to picocolors (#409)
  • Remove test files from npm package

9.0.1 / 2021-09-28

  • Actually exit with error when attempting to stdout in watch mode
  • Remove bin/ from files in package.json

9.0.0 / 2021-09-24

  • BREAKING: Require Node.js v12+
  • BREAKING: Must specify full file path, including .js extension, when loading local plugins with --use (#401)
  • BREAKING: Officially remove support for watching postcss config (was already broken in previous releases)
  • Add support for dir-dependency messages (#383, #391)
  • Update deps

8.3.1 / 2020-12-12

  • Ensure paths are not interpreted as numbers (#360)
  • Better errors for incorrect postcss version (#361, #362)

8.3.0 / 2020-11-17

  • Exit on EOF/^D (#358)

8.2.0 / 2020-10-29

  • Allow backslashes in paths for better Windows experience (#355)

8.1.0 / 2020-10-08

  • Add support for postcss.config.cjs files (#351)

8.0.0 / 2020-09-21

... (truncated)

Commits


Updates tailwindcss from 1.9.6 to 3.3.3

Release notes

Sourced from tailwindcss's releases.

v3.3.3

Fixed

  • Fix issue where some pseudo-element variants generated the wrong selector (#10943, #10962, #11111)
  • Make font settings propagate into buttons, inputs, etc. (#10940)
  • Fix parsing of theme() inside calc() when there are no spaces around operators (#11157)
  • Ensure repeating-conic-gradient is detected as an image (#11180)
  • Move unknown pseudo-elements outside of :is by default (#11345)
  • Escape animation names when prefixes contain special characters (#11470)
  • Don't prefix arbitrary classes in group and peer variants (#11454)
  • Sort classes using position of first matching rule (#11504)
  • Allow variant to be an at-rule without a prelude (#11589)
  • Make PostCSS plugin async to improve performance (#11548)
  • Don’t error when a config file is missing (f97759f)

Added

  • Add aria-busy utility (#10966)

Changed

  • Reset padding for <dialog> elements in preflight (#11069)

v3.3.2

Fixed

  • Don’t move unknown pseudo-elements to the end of selectors (#10943, #10962)
  • Inherit gradient stop positions when using variants (#11002)
  • Honor default to position of gradient when using implicit transparent colors (#11002)
  • Ensure @tailwindcss/oxide doesn't leak in the stable engine (#10988)
  • Ensure multiple theme(spacing[5]) calls with bracket notation in arbitrary properties work (#11039)
  • Normalize arbitrary modifiers (#11057)

Changed

  • Drop support for Node.js v12 (#11089)

v3.3.1

Fixed

  • Fix edge case bug when loading a TypeScript config file with webpack (#10898)
  • Fix variant, @apply, and important selectors when using :is() or :has() with pseudo-elements (#10903)
  • Fix safelist config types (#10901)
  • Fix build errors caused by @tailwindcss/line-clamp warning (#10915, #10919)
  • Fix "process is not defined" error (#10919)

v3.3.0

Tailwind CSS v3.3 is here! Check out the announcement post for a deep dive into all of the cool new stuff.

... (truncated)

Changelog

Sourced from tailwindcss's changelog.

[3.3.3] - 2023-07-13

Fixed

  • Fix issue where some pseudo-element variants generated the wrong selector (#10943, #10962, #11111)
  • Make font settings propagate into buttons, inputs, etc. (#10940)
  • Fix parsing of theme() inside calc() when there are no spaces around operators (#11157)
  • Ensure repeating-conic-gradient is detected as an image (#11180)
  • Move unknown pseudo-elements outside of :is by default (#11345)
  • Escape animation names when prefixes contain special characters (#11470)
  • Don't prefix arbitrary classes in group and peer variants (#11454)
  • Sort classes using position of first matching rule (#11504)
  • Allow variant to be an at-rule without a prelude (#11589)
  • Make PostCSS plugin async to improve performance (#11548)
  • Don’t error when a config file is missing (f97759f)

Added

  • Add aria-busy utility (#10966)

Changed

  • Reset padding for <dialog> elements in preflight (#11069)

[3.3.2] - 2023-04-25

Fixed

  • Don’t move unknown pseudo-elements to the end of selectors (#10943, #10962)
  • Inherit gradient stop positions when using variants (#11002)
  • Honor default to position of gradient when using implicit transparent colors (#11002)
  • Ensure @tailwindcss/oxide doesn't leak in the stable engine (#10988)
  • Ensure multiple theme(spacing[5]) calls with bracket notation in arbitrary properties work (#11039)
  • Normalize arbitrary modifiers (#11057)

Changed

  • Drop support for Node.js v12 (#11089)

[3.3.1] - 2023-03-30

Fixed

  • Fix edge case bug when loading a TypeScript config file with webpack (#10898)
  • Fix variant, @apply, and important selectors when using :is() or :has() with pseudo-elements (#10903)
  • Fix safelist config types (#10901)
  • Fix build errors caused by @tailwindcss/line-clamp warning (#10915, #10919)
  • Fix "process is not defined" error (#10919)

[3.3.0] - 2023-03-27

... (truncated)

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aneillans/postybirb-plus/network/alerts).
dependabot[bot] commented 11 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.