search

peilingjiang / b5

A visual programming language for learning, prototyping, and fun. Inspired by p5.js.
https://b5editor.app
MIT License
77 stars 12 forks source link

npm: bump cssnano from 5.1.14 to 6.0.5 #218

Closed dependabot[bot] closed 2 months ago

dependabot[bot] commented 6 months ago

Bumps cssnano from 5.1.14 to 6.0.5.

Release notes

Sourced from cssnano's releases.

v6.0.5

Bug Fixes

  • correctly minify font declaration in edge cases
  • preserve initial property in -webkit-line-clamp

v6.0.4

Bug Fixes

  • preserve empty @layer declarations
  • avoid crashing when encountering @layer without any braces afterwards
  • update to latest lilconfig dependency to avoid vulnerability

v6.0.3

Bug fixes

  • do not sort unknown properties

Other

  • Require latest browserslist and postcss-selector-parser

v6.0.2

  • fix: update cssnano peer dependency to 8.4.31 to avoid security issue
  • fix: update postcss-calc to 9.0.1 to solve disappearing expressions inside two brackets
  • deps(postcss-svgo): update SVGO to 3.0.5 and update doc
  • chore: update css-declaration-sorter
  • fix(postcss-minify-selectors): prevent mangling of timeline range names
  • fix(postcss-convert-values): keep percent unit in @Property
  • chore(cssnano): update lilconfig to 3.0.0

v6.0.1

Bug Fixes

v6.0.0

Major Changes

  • 99d1e6ab: postcss-normalize-url: remove normalize-url configuration options
  • 4e272f88: postcss-svgo: Upgrade dependency svgo to v3 and increase the minimum supported node version to v14
  • ca9d3f55: Switch minimum supported Node version to 14 for all packages
  • 39a20405: feat!(cssnano): remove undocumented YAML config support

Migration instructions

  • If you're not happy with the defaults for the normalize-url transform, turn it off completely. Options were removed as most would change the meaning of the URL, which is unexpcted in the case of CSS minification.
  • In the unlikely event you're using YAML to configure cssnano, move the cssnano configuration inside the PostCSS config or use a configuration file in CommonJS or JSON format.

v5.1.15

Bug Fixes

  • fix(postcsss-reduce-initial): fix mask-repeat conversion
  • fix(postcss-colormin): don't minify colors in src declarations
  • fix(postcss-merge-rules): do not merge conflicting flex and border properties
Commits
  • fdd092e Publish cssnano 6.0.5
  • c2160e3 fix(postcss-minify-font-values): fix font declaration output (#1562)
  • fb9889a chore: update ESLint
  • c4be0f5 fix(postcss-reduce-initial): update list of properties values
  • f01b03c test(postcss-reduce-initial): replace nanospy with built-in mock
  • 3ed9528 Correct the test links in some plugin README files
  • d829c19 chore: update remaining dev dependencies
  • f461389 chore: update colord version
  • 83d3268 chore: update browserslist and autoprefixer
  • 7f44a4f docs: update website for release
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.