mizdra / happy-css-modules

Typed, definition jumpable CSS Modules. Moreover, easy!
MIT License

fix(deps): update dependency postcss to v7 [security] - autoclosed #32

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago


This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| postcss (source) | 6.0.1 -> 7.0.36 | age | adoption | passing | confidence |

GitHub Vulnerability Alerts

CVE-2021-23382

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern `\/\*\s* sourceMappingURL=(.*)`.


Release Notes

postcss/postcss

### [`v7.0.36`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7036)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.35...7.0.36)

- Backport ReDoS vulnerabilities from PostCSS 8.

### [`v7.0.35`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7035)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.34...7.0.35)

- Add migration guide link to PostCSS 8 error text.

### [`v7.0.34`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7034)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.33...7.0.34)

- Fix compatibility with `postcss-scss` 2.

### [`v7.0.33`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7033)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.32...7.0.33)

- Add error message for PostCSS 8 plugins.

### [`v7.0.32`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7032)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.31...7.0.32)

- Fix error message (by [@admosity](https://togithub.com/admosity)).

### [`v7.0.31`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7031)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.30...7.0.31)

- Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

### [`v7.0.30`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7030)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.29...7.0.30)

- Fix TypeScript definition (by Natalie Weizenbaum).

### [`v7.0.29`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7029)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.28...7.0.29)

- Update `Processor#version`.

### [`v7.0.28`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7028)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.27...7.0.28)

- Fix TypeScript definition (by Natalie Weizenbaum).

### [`v7.0.27`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7027)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.26...7.0.27)

- Fix TypeScript definition (by Natalie Weizenbaum).

### [`v7.0.26`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7026)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.25...7.0.26)

- Fix TypeScript definition (by Natalie Weizenbaum).

### [`v7.0.25`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7025)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.24...7.0.25)

- Fix absolute path support for Windows (by Tom Raviv).

### [`v7.0.24`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7024)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.23...7.0.24)

- Fix TypeScript definition (by Keith Cirkel).

### [`v7.0.23`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7023)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.22...7.0.23)

- Update `Processor#version`.

### [`v7.0.22`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7022)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.21...7.0.22)

- Add funding link for `npm fund`.

### [`v7.0.21`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7021)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.20...7.0.21)

- Revert passing `nodes` property to node constructor.

### [`v7.0.20`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7020)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.19...7.0.20)

- Allow to pass PostCSS’s nodes in `nodes` property to node constructor.

### [`v7.0.19`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7019)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.18...7.0.19)

- Fix passing `nodes` property to node constructor.

### [`v7.0.18`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7018)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.17...7.0.18)

- Fix TypeScript type definitions (by Jan Buschtöns).

### [`v7.0.17`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7017)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.16...7.0.17)

- Fix TypeScript type definitions (by Bob Matcuk and Jan Buschtöns).

### [`v7.0.16`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7016)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.15...7.0.16)

- Revert Custom Properties fix until PostCSS 8.0.

### [`v7.0.15`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7015)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.14...7.0.15)

- Fix Custom Properties support (by Ivan Solovev).

### [`v7.0.14`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7014)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.13...7.0.14)

- Fix tokenizer for `postcss-less` (by Matt Lyons).

### [`v7.0.13`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7013)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.12...7.0.13)

- Fix parsing regression in 7.0.12 for comments between property and value.

### [`v7.0.12`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7012)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.11...7.0.12)

- Fix parsing broken CSS with two words in declaration property.

### [`v7.0.11`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7011)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.10...7.0.11)

- Fix source maps on declaration semicolon (by Niklas Mischkulnig).

### [`v7.0.10`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7010)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.9...7.0.10)

- Fix source maps (by Niklas Mischkulnig).

### [`v7.0.9`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#709)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.8...7.0.9)

- Increase stringifying performance for non-raws AST.

### [`v7.0.8`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#708)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.7...7.0.8)

- Fix TypeScript definitions (by Ankur Oberoi).
- Use `support-colors` 6.0.

### [`v7.0.7`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#707)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.6...7.0.7)

- Extend `Error` in `CssSyntaxError`.

### [`v7.0.6`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#706)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.5...7.0.6)

- Fix parsing files with BOM (by Veniamin Krol).

### [`v7.0.5`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#705)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.4...7.0.5)

- Reduce npm package size (by Gilad Peleg).

### [`v7.0.4`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#704)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.3...7.0.4)

- Fix safe parser regression.

### [`v7.0.3`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7038)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.2...7.0.3)

- Update `Processor#version`.

### [`v7.0.2`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7029)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.1...7.0.2)

- Update `Processor#version`.

### [`v7.0.1`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#7019)

[Compare Source](https://togithub.com/postcss/postcss/compare/7.0.0...7.0.1)

- Fix passing `nodes` property to node constructor.

### [`v7.0.0`](https://togithub.com/postcss/postcss/releases/tag/7.0.0)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.23...7.0.0)

PostCSS 7.0 dropped Node.js 4 support and brought small features.

#### Breaking Changes

We removed Node.js 4 and Node.js 9 support since they don’t have security updates anymore.

We removed IE and “dead” browsers (without security updates) from Babel’s [Browserslist](https://togithub.com/browserslist/browserslist). Don't worry, PostCSS still generates IE-compatible code. These changes affect websites which run PostCSS on client-side like CodePen.

```
last 2 version
not dead
not Explorer 11
not ExplorerMobile 11
node 10
node 8
node 6
```

#### New Features

[@nikhilgaba](https://togithub.com/nikhilgaba) [added](https://togithub.com/postcss/postcss/pull/1093) a cute thing for plugin developers. If an error happened in the `Container#walk()` cycle, PostCSS will show in the stack trace the CSS node which caused this error:

```
TypeError: Cannot read property '0' of undefined
    at /home/ai/Dev/test/app.css:10:4
    at plugin (plugin.js:2:4)
    at runPostCSS (runner.js:2:1)
```

[@igorkamyshev](https://togithub.com/igorkamyshev) added `finally` method to `LazyResult` to make it compatible with the latest Promise API.

#### Other Changes

- Client-side size was reduced by [Size Limit](https://togithub.com/ai/size-limit) feedback.
- Add warning on calling PostCSS without plugins and syntax options.

### [`v6.0.23`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6023)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.22...6.0.23)

- Fix parsing nested at-rules without semicolon, params, and spaces.
- Fix docs (by Kevin Schiffer and Pat Cavit).

### [`v6.0.22`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6022)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.21...6.0.22)

- Fix `Node#prev` and `Node#next` on missed parent.

### [`v6.0.21`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6021)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.20...6.0.21)

- Rename Chinese docs to fix `yarnpkg.com` issue.

### [`v6.0.20`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6020)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.19...6.0.20)

- Better error message on `null` as input CSS.

### [`v6.0.19`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6019)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.18...6.0.19)

- Fix TypeScript definitions for source maps (by Oleh Kuchuk).
- Fix `source` field in TypeScript definitions (by Sylvain Pollet-Villard).

### [`v6.0.18`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6018)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.17...6.0.18)

- Use primitive object in TypeScript definitions (by Sylvain Pollet-Villard).

### [`v6.0.17`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6017)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.16...6.0.17)

- Fix parsing comment in selector between word tokens (by Oleh Kuchuk).

### [`v6.0.16`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6016)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.15...6.0.16)

- Fix warning text (by Michael Keller).

### [`v6.0.15`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6015)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.14...6.0.15)

- Add warning about missed `from` option on `process().then()` call.
- Add IE 10 support.

### [`v6.0.14`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6014)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.13...6.0.14)

- Fix TypeScript definitions (by Jed Mao).

### [`v6.0.13`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6013)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.12...6.0.13)

- Fix TypeScript definitions for case of multiple PostCSS versions in `node_modules` (by Chris Eppstein).
- Use `source-map` 0.6.

### [`v6.0.12`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6012)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.11...6.0.12)

- Don’t copy `*` hack to declaration indent.

### [`v6.0.11`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6011)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.10...6.0.11)

- Add upper case `!IMPORTANT` support.

### [`v6.0.10`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6010)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.9...6.0.10)

- Reduce PostCSS size in webpack bundle.

### [`v6.0.9`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#609)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.8...6.0.9)

- Improve error message for plugin with old PostCSS (by Igor Adamenko).

### [`v6.0.8`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#608)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.7...6.0.8)

- Fix Node.js 4.2.2 support.

### [`v6.0.7`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#607)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.6...6.0.7)

- Fix base64 decoding for old Node.js and browser.

### [`v6.0.6`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#606)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.5...6.0.6)

- Fix `end` position in at-rule without semicolon (by Oleh Kuchuk).

### [`v6.0.5`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#605)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.4...6.0.5)

- Move Babel config from `package.json` for `node_modules` compiling cases.

### [`v6.0.4`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#604)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.3...6.0.4)

- Fix parsing `;;` after rules.
- Use Chalk 2.0.

### [`v6.0.3`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#603)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.2...6.0.3)

- Fix escape sequences parsing (by Oleh Kuchuk).
- Added ability to force disable colors with an environment variable.
- Improved color detection of some terminal apps.

### [`v6.0.2`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#6023)

[Compare Source](https://togithub.com/postcss/postcss/compare/6.0.1...6.0.2)

- Fix parsing nested at-rules without semicolon, params, and spaces.
- Fix docs (by Kevin Schiffer and Pat Cavit).

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.
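
A lockfile check for the version ranges named in the CVE-2021-23382 text above, covering nested transitive copies of postcss as well as the top-level one. This is an added example, not part of the Renovate comment or of postcss; the function names and the sample lockfile are constructed, and treating 8.2.13 as the first fixed 8.x release is an assumption.

```javascript
// Added example; function names and SAMPLE_LOCK are constructed for illustration.
// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Advisory text: "before 7.0.36 or between 8.0.0 and 8.2.13".
// Assumption: 8.2.13 is the first fixed 8.x release (upper bound exclusive).
// Returns null for an unparseable version so callers do not fail open.
function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return null;
  if (compare(v, [7, 0, 36]) < 0) return true;
  return compare(v, [8, 0, 0]) >= 0 && compare(v, [8, 2, 13]) < 0;
}

function findPostcss(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/postcss" || path.endsWith("/node_modules/postcss")) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "postcss") hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lockfile: a patched top-level copy plus nested older ones.
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  "node_modules/postcss": { version: "7.0.36" },
  "node_modules/some-plugin/node_modules/postcss": { version: "6.0.1" },
  "node_modules/other-tool/node_modules/postcss": { version: "8.2.10" },
  "node_modules/postcss-value-parser": { version: "4.2.0" },
} };
console.log(findPostcss(SAMPLE_LOCK));
```

An entry with `affected: null` has a version string the check could not parse and needs manual review.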