ocadotechnology / hexagonjs

A modular, themable collection of components for modern browsers
https://www.hexagonjs.io
Apache License 2.0
51 stars 15 forks source link

chore(deps-dev): bump postcss from 7.0.27 to 8.2.10 #577

Closed dependabot[bot] closed 3 years ago

dependabot[bot] commented 3 years ago

Bumps postcss from 7.0.27 to 8.2.10.

Release notes

Sourced from postcss's releases.

8.2.10

8.2.9

8.2.8

8.2.7

8.2.6

  • Fixed Maximum call stack size exceeded in Node#toJSON.
  • Fixed docs (by @​inokawa).

8.2.5

  • Fixed escaped characters handling in list.split (by @​nex3).

8.2.4

8.2.3

8.2.2

8.2.1

  • Fixed Node#toJSON() and postcss.fromJSON() (by @​mischnic).

8.2 “Prince Orobas”

PostCSS 8.2 added a new API to serialize and deserialize CSS AST to JSON.

import { parse, fromJSON } from 'postcss'

let root = parse('a{}', { from: 'input.css' }) let json = root.toJSON() // save to file, send by network, etc let root2 = fromJSON(json)

... (truncated)

Changelog

Sourced from postcss's changelog.

8.2.10

  • Fixed ReDoS vulnerabilities in source map parsing.
  • Fixed webpack 5 support (by Barak Igal).
  • Fixed docs (by Roeland Moors).

8.2.9

  • Exported NodeErrorOptions type (by Rouven Weßling).

8.2.8

  • Fixed browser builds in webpack 4 (by Matt Jones).

8.2.7

  • Fixed browser builds in webpack 5 (by Matt Jones).

8.2.6

  • Fixed Maximum call stack size exceeded in Node#toJSON.
  • Fixed docs (by inokawa).

8.2.5

  • Fixed escaped characters handling in list.split (by Natalie Weizenbaum).

8.2.4

  • Added plugin name to postcss.plugin() warning (by Tom Williams).
  • Fixed docs (by Bill Columbia).

8.2.3

  • Fixed JSON.stringify(Node[]) support (by Niklas Mischkulnig).

8.2.2

  • Fixed CSS-in-JS support (by James Garbutt).
  • Fixed plugin types (by Ludovico Fischer).
  • Fixed Result#warn() types.

8.2.1

  • Fixed Node#toJSON() and postcss.fromJSON() (by Niklas Mischkulnig).

8.2 “Prince Orobas”

  • Added Node#toJSON() and postcss.fromJSON() (by Niklas Mischkulnig).

8.1.14

  • Fixed parser performance regression.

8.1.13

  • Fixed broken AST after moving nodes in visitor API.

8.1.12

  • Fixed Autoprefixer regression.

8.1.11

  • Added PostCSS update suggestion on unknown event in plugin.

... (truncated)

Commits
  • 8395d9f Release 8.2.10 version
  • f2baaa7 Update ESLint config
  • b6f3e4d Fix unsafe regexp in getAnnotationURL() too
  • 4bcd727 Merge pull request #1553 from barak007/patch-2
  • 7c2e97a Add covrage ignore on error paths
  • 8c58434 Apply suggestions from code review
  • ff2fd57 add error for sourcePath
  • 8f02bdc disable url based features
  • a54d020 Fix browser bundling with webpack 5
  • 8682b1e Fix unsafe regexp
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/ocadotechnology/hexagonjs/network/alerts).
coveralls commented 3 years ago

Coverage Status

Coverage remained the same at 69.877% when pulling 4f35f0be3eddab1ac25ca454d3b201548aa5a959 on dependabot/npm_and_yarn/postcss-8.2.10 into db616fdc253fad9c8c2f8b4c713c014403ac9324 on develop.

dependabot[bot] commented 3 years ago

Superseded by #579.