An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be `\r` discrepancies, as demonstrated by `@font-face{ font:(\r/*);}` in a rule.
This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, that content is included in the PostCSS output in CSS nodes (rules, properties) despite originally being inside a comment.
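For a consumer of untrusted CSS, the advisory's point is a line-ending discrepancy between PostCSS before 8.4.31 and the CSS Syntax Level 3 specification, whose input preprocessing step normalises CR, CRLF and FF to LF before tokenizing. The following is an added example (not PostCSS's own code) that applies that spec step and locates comment ranges the way the spec tokenizer does, using the advisory's proof-of-concept rule as constructed input; `preprocessCss`, `findComments` and `hasUnusualLineBreaks` are names chosen here.

```javascript
// Added example, not PostCSS code. Upgrading to PostCSS 8.4.31 is the fix;
// this shows the spec-side view of the input and a defence-in-depth check.

// CSS Syntax Level 3 §3.3: replace CRLF, lone CR and FF with LF, NUL with U+FFFD.
function preprocessCss(input) {
  return input
    .replace(/\r\n|\r|\f/g, '\n')
    .replace(/\0/g, '\uFFFD');
}

// Locate comments the way the spec tokenizer does: "/*" opens a comment outside
// a string, and a comment with no "*/" runs to end of input (a parse error, but
// everything after "/*" is still comment). Returns [start, end) index pairs.
function findComments(css) {
  const ranges = [];
  let i = 0;
  while (i < css.length) {
    const c = css[i];
    if (c === '"' || c === "'") {
      // Skip a string: backslash escapes the next char, an unescaped newline
      // ends a bad string, so "/*" inside quotes is never a comment.
      const quote = c;
      i++;
      while (i < css.length && css[i] !== quote && css[i] !== '\n') {
        i += css[i] === '\\' ? 2 : 1;
      }
      i++;
    } else if (c === '/' && css[i + 1] === '*') {
      const close = css.indexOf('*/', i + 2);
      const end = close === -1 ? css.length : close + 2;
      ranges.push([i, end]);
      i = end;
    } else {
      i++;
    }
  }
  return ranges;
}

// True when preprocessing would change the text, i.e. the input carries CR, FF
// or NUL. Such input deserves a second look before a linter sees it.
function hasUnusualLineBreaks(input) {
  return /[\r\f\0]/.test(input);
}

// The proof-of-concept rule from the advisory, constructed here as a JS string.
const POC = '@font-face{ font:(\r/*);}';

function pocCommentRanges() {
  return findComments(preprocessCss(POC));
}
```

In the spec view, everything from the `/*` in the proof of concept to the end of input is a comment, so `);}` must never surface as rule or declaration content; the advisory describes PostCSS before 8.4.31 disagreeing with that.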
## Release Notes
postcss/postcss (postcss)
### [`v8.4.31`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8431)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.30...8.4.31)
- Fixed `\r` parsing to fix CVE-2023-44270.
### [`v8.4.30`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8430)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.29...8.4.30)
- Improved source map performance (by Romain Menke).
### [`v8.4.29`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8429)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.28...8.4.29)
- Fixed `Node#source.offset` (by Ido Rosenthal).
- Fixed docs (by Christian Oliff).
### [`v8.4.28`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8428)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.27...8.4.28)
- Fixed `Root.source.end` for better source map (by Romain Menke).
- Fixed `Result.root` types when `process()` has no parser.
### [`v8.4.27`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8427)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.26...8.4.27)
- Fixed `Container` clone methods types.
### [`v8.4.26`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8426)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.25...8.4.26)
- Fixed clone methods types.
### [`v8.4.25`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8425)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.24...8.4.25)
- Improved stringify performance (by Romain Menke).
- Fixed docs (by [@vikaskaliramna07](https://redirect.github.com/vikaskaliramna07)).
### [`v8.4.24`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8424)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.23...8.4.24)
- Fixed `Plugin` types.
### [`v8.4.23`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8423)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.22...8.4.23)
- Fixed warnings in TypeDoc.
### [`v8.4.22`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8422)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.21...8.4.22)
- Fixed TypeScript support with `node16` (by Remco Haszing).
### [`v8.4.21`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8421)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.20...8.4.21)
- Fixed `Input#error` types (by Aleks Hudochenkov).
### [`v8.4.20`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8420)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.19...8.4.20)
- Fixed source map generation for childless at-rules like `@layer`.
### [`v8.4.19`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8419)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.18...8.4.19)
- Fixed whitespace preserving after AST transformations (by Romain Menke).
### [`v8.4.18`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8418)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.17...8.4.18)
- Fixed an error on `absolute: true` with empty `sourceContent` (by Rene Haas).
### [`v8.4.17`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8417)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.16...8.4.17)
- Fixed `Node.before()` unexpected behavior (by Romain Menke).
- Added TOC to docs (by Mikhail Dedov).
### [`v8.4.16`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8416)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.15...8.4.16)
- Fixed `Root` AST migration.
### [`v8.4.15`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8415)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.14...8.4.15)
- Fixed AST normalization after using custom parser with old PostCSS AST.
### [`v8.4.14`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8414)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.13...8.4.14)
- Print “old plugin API” warning only if plugin was used (by [@zardoy](https://redirect.github.com/zardoy)).
### [`v8.4.13`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8413)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.12...8.4.13)
- Fixed `append()` error after using `.parent` (by Jordan Pittman).
### [`v8.4.12`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8412)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.11...8.4.12)
- Fixed `package.funding` to have same value between all PostCSS packages.
### [`v8.4.11`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8411)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.10...8.4.11)
- Fixed `Declaration#raws.value` type.
### [`v8.4.10`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8410)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.9...8.4.10)
- Fixed `package.funding` URL format.
### [`v8.4.9`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#849)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.8...8.4.9)
- Fixed `package.funding` (by Álvaro Mondéjar).
### [`v8.4.8`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#848)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.7...8.4.8)
- Fixed end position in empty Custom Properties.
### [`v8.4.7`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#847)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.6...8.4.7)
- Fixed `Node#warn()` type (by Masafumi Koba).
- Fixed comment removal in values after `,`.
### [`v8.4.6`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#846)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.5...8.4.6)
- Prevented comment removal when it changes the meaning of the CSS.
- Fixed parsing space in last semicolon-less CSS Custom Properties.
- Fixed comment cleaning in CSS Custom Properties with space.
- Fixed throwing an error on `.root` access for plugin-less case.
### [`v8.4.5`](https://redirect.github.com/postcss/postcss/blob/HEAD/CHANGELOG.md#845)
[Compare Source](https://redirect.github.com/postcss/postcss/compare/8.4.4...8.4.5)
- Fixed `raws` types to make object extendable (by James Garbutt).
- Moved from Yarn 1 to pnpm.
## Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR contains the following updates: `postcss` 8.4.4 -> 8.4.31

GitHub Vulnerability Alerts: CVE-2023-44270
This PR was generated by Mend Renovate. View the repository job log.