Snyk has created this PR to upgrade postcss from 8.2.4 to 8.4.3.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.
:sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 27 versions ahead of your current version.
The recommended version was released 21 days ago, on 2021-11-26.
PostCSS 8.4 brought ranges for warnings and errors, smaller node_modules size, lazy parsing to avoid PostCSS does nothing warning, and TypeScript fixes.
Thanks to Sponsors
This release was possible thanks to our community.
If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:
Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
result.warn(msg,{ index })// One character warning at indexresult.warn(msg,{ endIndex })// Starts at node start, ends at endIndexresult.warn(msg,{ index, endIndex })// Starts at index, ends at endIndexresult.warn(msg,{ start })// Starts at start, ends at node endresult.warn(msg,{ end })// Starts at node start, ends at endresult.warn(msg,{ start, end })// Starts at start, ends at endresult.warn(msg,{ word })// Starts at word location, ends at word index + length
It will improve DX in the IDE extension.
Lazy Parsing
Previously, we found that many tools run PostCSS even if the developer didn’t pass any PostCSS plugins. Parsing is the most expensive step in CSS processing. It led to a waste of resources without any reason.
We tried to resolve the problem by adding a PostCSS does nothing warning. But it didn’t force tool authors to be more careful with user’s resources.
If PostCSS sees that tool call it without passing plugins (or changing parser/stringifier), PostCSS will not parse CSS (until toll will call Result#root). In 8.4, @ bogdan0083 (with the help of @ WilhelmYakunin) tries to solve the problem in another way. It allows us to save resources and remove the PostCSS does nothing warning.
// No plugins, we do not parse CSSletresult=awaitpostcss().process(css,{ from })result.css// Is the same string passed to process()result.map// Special 1-to-1 source mapresult.root// CSS will parsed only here
Install Size Reduction
With ≈60M weekly downloads, PostCSS has responsibility for the world’s resource spending.
In 8.4, we moved to a fixed version of source-map-js, which reduced the postcss size in your node_modules from ≈1 MB to 0.3 MB. With the huge popularity of PostCSS, it will free a lot of resources on our CIs.
Migration from Jest to uvu
@ kimoofey refactored all tests from the popular Jest framework to small and fast uvu.
It will not affect end-users. However, it reduced our node_modules size by 33 MB and made tests twice faster (yarn install & yarn unit: 24 → 13 seconds).
Snyk has created this PR to upgrade postcss from 8.2.4 to 8.4.3.
As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user. :sparkles: Snyk has automatically assigned this pull request, set who gets assigned.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: postcss
this.css.replace is not a function
error.Stringifier
types (by @ 43081j).PostCSS 8.4 brought ranges for warnings and errors, smaller
node_modules
size, lazy parsing to avoidPostCSS does nothing
warning, and TypeScript fixes.Thanks to Sponsors
This release was possible thanks to our community.
If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:
Rages for Errors and Warnings
@ adalinesimonian, the author of amazing Stylelint extension for VS Code, added ranges to errors and warnings.
It will improve DX in the IDE extension.
Lazy Parsing
Previously, we found that many tools run PostCSS even if the developer didn’t pass any PostCSS plugins. Parsing is the most expensive step in CSS processing. It led to a waste of resources without any reason.
We tried to resolve the problem by adding a
PostCSS does nothing
warning. But it didn’t force tool authors to be more careful with user’s resources.If PostCSS sees that tool call it without passing plugins (or changing parser/stringifier), PostCSS will not parse CSS (until toll will call
Result#root
). In 8.4, @ bogdan0083 (with the help of @ WilhelmYakunin) tries to solve the problem in another way. It allows us to save resources and remove thePostCSS does nothing
warning.Install Size Reduction
With ≈60M weekly downloads, PostCSS has responsibility for the world’s resource spending.
Together with @ 7rulnik we reduced
source-map-js
size. It is transitive dependency of PostCSS.In 8.4, we moved to a fixed version of
source-map-js
, which reduced thepostcss
size in yournode_modules
from ≈1 MB to 0.3 MB. With the huge popularity of PostCSS, it will free a lot of resources on our CIs.Migration from Jest to
uvu
@ kimoofey refactored all tests from the popular Jest framework to small and fast
uvu
.It will not affect end-users. However, it reduced our
node_modules
size by 33 MB and made tests twice faster (yarn install & yarn unit
: 24 → 13 seconds).TypeScript Fixes
Processor
types.Stringifier
types (by @ 43081j).Root
andDocument
in result values (by @ 43081j).Node#walkRules()
types (by @ hudochenkov).Other Changes
8.3.11
Maximum call stack
issue of some source maps (by @ yetingli).nanocolors
topicocolors
.Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
👩💻 Set who automatically gets assigned
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs