π¨ Your current dependencies have known security vulnerabilities π¨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
Our meow dependency (which we use for our CLI) depended on semver@5.7.1 . A vulnerability in this version of semver was recently identified and surfaced by npm audit:
I found that meow@10.x.x contains normalize-package-data@5 and I can fix this vulnerability because it uses semver@7. But I can't update meow to the new major version because your package doesn't allow it."
Update your package to use the 'meow' version >=10"
PoC
N/A
Impact
We anticipate the impact to be low as Stylelint is a dev tool and meow is only used on the CLI pathway.
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.
All Depfu comment commands
@βdepfu rebase
Rebases against your default branch and redoes this update
@βdepfu recreate
Recreates this PR, overwriting any edits that you've made to it
@βdepfu merge
Merges this PR once your tests are passing and conflicts are resolved
@βdepfu cancel merge
Cancels automatic merging of this PR
@βdepfu close
Closes this PR and deletes the branch
@βdepfu reopen
Restores the branch and reopens this PR (if it's closed)
@βdepfu pause
Ignores all future updates for this dependency and closes this PR
@βdepfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@βdepfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)
π¨ Your current dependencies have known security vulnerabilities π¨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!
Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.
What changed?
β³οΈ stylelint (9.10.1 β 16.3.1) Β· Repo Β· Changelog
Security Advisories π¨
π¨ Stylelint has vulnerability in semver dependency
Release Notes
Too many releases to show here. View the full release notes.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
βοΈ html-tags (indirect, 2.0.0 β 3.3.1) Β· Repo
Release Notes
3.3.1
3.3.0
3.2.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 15 commits:
3.3.1
Add search HTML element to type definitions (#12)
3.3.0
Add `search` tag (#11)
Meta tweaks
3.2.0
Add TypeScript types as union type (#8)
Move to GitHub Actions (#7)
Meta tweaks
Make the TypeScript type a union of the HTML tags (#5)
3.1.0
Remove the deprecated `keygen` tag
3.0.0
Meta tweaks
Require Node.js 8, add TypeScript definition (#3)
βοΈ known-css-properties (indirect, 0.11.0 β 0.30.0) Β· Repo
Release Notes
0.30.0
0.29.0
0.28.0
0.27.0
0.26.0
0.25.0
0.24.0
0.23.0
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by more commits than we can show here.
βοΈ postcss-safe-parser (indirect, 4.0.2 β 7.0.0) Β· Repo Β· Changelog
Release Notes
5.0.2 (from changelog)
5.0.1 (from changelog)
Does any of this look wrong? Please let us know.
Commits
See the full diff on Github. The new version differs by 43 commits:
Release 7.0 version
Update PostCSS peer req
Remove Node 12, 14, 16 support
Update dependencies and practies
Bump postcss from 8.4.21 to 8.4.31 (#38)
Update dependencies
Update CI config
Add funding option
Add Tidelift links
Add security note
Update project practices
Bump ansi-regex from 4.1.0 to 4.1.1 (#35)
Bump minimist from 1.2.5 to 1.2.6 (#34)
Bump nanoid from 3.1.30 to 3.2.0 (#33)
Bump shelljs from 0.8.4 to 0.8.5 (#32)
Update dependnecies
Bump tmpl from 1.0.4 to 1.0.5 (#28)
Bump set-getter from 0.1.0 to 0.1.1 (#27)
Release 6.0 version
Update peer dependencies
Update development practices
Clean up docs
Bump glob-parent from 5.1.1 to 5.1.2 (#26)
Bump ws from 7.3.1 to 7.4.6 (#25)
Bump postcss from 8.1.0 to 8.2.10 (#24)
Bump hosted-git-info from 2.8.8 to 2.8.9 (#23)
Bump handlebars from 4.7.6 to 4.7.7 (#22)
Bump node-notifier from 8.0.0 to 8.0.1 (#19)
Release 5.0.2 version
Update dependencies
Add funding links
Update dependencies
Release 5.0.1 version
Fix parsing missed semicolon
Update dependencies
Typo
Release 5.0 version
Use released PostCSS 8
Update for latest PostCSS
Update PostCSS
Remove old config
Use PostCSS 8 API
Bump acorn from 5.7.3 to 5.7.4 (#16)
π @βcsstools/css-parser-algorithms (added, 2.6.1)
π @βcsstools/css-tokenizer (added, 2.2.4)
π @βcsstools/media-query-list-parser (added, 2.1.9)
π @βcsstools/selector-specificity (added, 3.0.2)
π @βdual-bundle/import-meta-resolve (added, 4.0.0)
π colord (added, 2.9.3)
π css-functions-list (added, 3.2.1)
π env-paths (added, 2.2.1)
π lodash.truncate (added, 4.4.2)
π nanoid (added, 3.3.7)
π require-from-string (added, 2.0.2)
π source-map-js (added, 1.2.0)
π supports-hyperlinks (added, 3.0.0)
ποΈ @βmrmlnc/readdir-enhanced (removed)
ποΈ call-me-maybe (removed)
ποΈ clone-regexp (removed)
ποΈ decamelize-keys (removed)
ποΈ execall (removed)
ποΈ glob-to-regexp (removed)
ποΈ gonzales-pe (removed)
ποΈ is-supported-regexp-flag (removed)
ποΈ leven (removed)
ποΈ minimist-options (removed)
ποΈ normalize-selector (removed)
ποΈ postcss-html (removed)
ποΈ postcss-jsx (removed)
ποΈ postcss-less (removed)
ποΈ postcss-markdown (removed)
ποΈ postcss-reporter (removed)
ποΈ postcss-sass (removed)
ποΈ postcss-scss (removed)
ποΈ postcss-syntax (removed)
ποΈ quick-lru (removed)
ποΈ specificity (removed)
ποΈ style-search (removed)
ποΈ sugarss (removed)
ποΈ unist-util-find-all-after (removed)
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with
@depfu rebase
.All Depfu comment commands