This PR contains the following updates:
8.2.4 -> 8.2.13
GitHub Vulnerability Alerts
CVE-2021-23368
The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
CVE-2021-23382
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via `getAnnotationURL()` and `loadAnnotation()` in `lib/previous-map.js`. The vulnerable regexes are caused mainly by the sub-pattern `\/\*\s* sourceMappingURL=(.*)`.
Release Notes
postcss/postcss
### [`v8.2.13`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8213)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.12...8.2.13)

- Fixed ReDoS vulnerabilities in source map parsing (by Yeting Li).

### [`v8.2.12`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8212)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.11...8.2.12)

- Fixed `package.json` exports.

### [`v8.2.11`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8211)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.10...8.2.11)

- Fixed `DEP0148` warning in Node.js 16.
- Fixed docs (by [@semiromid](https://togithub.com/semiromid)).

### [`v8.2.10`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8210)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.9...8.2.10)

- Fixed ReDoS vulnerabilities in source map parsing.
- Fixed webpack 5 support (by Barak Igal).
- Fixed docs (by Roeland Moors).

### [`v8.2.9`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#829)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.8...8.2.9)

- Exported `NodeErrorOptions` type (by Rouven Weßling).

### [`v8.2.8`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#828)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.7...8.2.8)

- Fixed browser builds in webpack 4 (by Matt Jones).

### [`v8.2.7`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#827)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.6...8.2.7)

- Fixed browser builds in webpack 5 (by Matt Jones).

### [`v8.2.6`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#826)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.5...8.2.6)

- Fixed `Maximum call stack size exceeded` in `Node#toJSON`.
- Fixed docs (by inokawa).

### [`v8.2.5`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#825)

[Compare Source](https://togithub.com/postcss/postcss/compare/8.2.4...8.2.5)

- Fixed escaped characters handling in `list.split` (by Natalie Weizenbaum).

Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
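
The CVE-2021-23382 alert above attributes the ReDoS to regex-based extraction of the source map annotation. The following is an added example, not code from postcss or from this PR: it contrasts a regex extractor with a scan that uses only fixed-string searches. `ANNOTATION_RE` is a constructed stand-in modelled on the sub-pattern the alert names, and the function names, `MAX_CSS_LENGTH` and the sample CSS are assumptions.

```javascript
// Added illustration, not postcss source. ANNOTATION_RE is a constructed
// stand-in modelled on the sub-pattern named in the CVE-2021-23382 alert.
const ANNOTATION_RE = /\/\*\s*# sourceMappingURL=(.*)\*\//

// Regex form: a backtracking engine retries \s* and the greedy (.*) from
// each candidate "/*" whenever the overall match fails.
function annotationUrlRegex(css) {
  const m = css.match(ANNOTATION_RE)
  return m ? m[1].trim() : undefined
}

const MARKER = 'sourceMappingURL='
const MAX_CSS_LENGTH = 5 * 1024 * 1024 // assumed size cap, tune per deployment

// Scan form: fixed-string searches only, so each step is a single pass.
function annotationUrlScan(css) {
  if (css.length > MAX_CSS_LENGTH) throw new RangeError('CSS input too large')
  const at = css.lastIndexOf(MARKER) // use the last annotation in the file
  if (at === -1) return undefined
  const open = css.lastIndexOf('/*', at)
  if (open === -1) return undefined
  // Only optional whitespace and "# " may sit between "/*" and the marker.
  if (css.slice(open + 2, at).trimStart() !== '# ') return undefined
  const close = css.indexOf('*/', at)
  if (close === -1) return undefined // unterminated comment: no annotation
  return css.slice(at + MARKER.length, close).trim()
}

// Constructed sample input.
const SAMPLE_CSS = 'a{color:red}\n/*# sourceMappingURL=app.css.map */\n'
console.log(annotationUrlRegex(SAMPLE_CSS), annotationUrlScan(SAMPLE_CSS))
```

Both functions return the same URL for well-formed input; the scan form also bounds the input size before doing any work.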