search

gianpaj / walnut.tv

🔥 Discover trending videos from Reddit and curated YouTube channels – Soon using Next.js. See `dev` branch
https://walnut.tv
10 stars 6 forks source link

Update dependency postcss to 8.2.13 [SECURITY] #118

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

WhiteSource Renovate

This PR contains the following updates:

Package Change
postcss 7.0.36 -> 8.2.13

GitHub Vulnerability Alerts

CVE-2021-23382

The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \/*\s sourceMappingURL=(.).

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by WhiteSource Renovate. View repository job log here.

ghost commented 2 years ago

Sider has detected 1 warning on analyzing the commit e4ad6b1.

If the errors persist even after retrying, the following actions may resolve them:

If you still have problems, feel free to ask us via chat. 💬

You can turn off such notifications if unnecessary.