revivek / oy

Render HTML emails on the server with React.
MIT License
834 stars 47 forks source link

Bump clean-css from 4.1.9 to 4.1.11 #90

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps clean-css from 4.1.9 to 4.1.11.

Changelog *Sourced from [clean-css's changelog](https://github.com/jakubpawlowicz/clean-css/blob/master/History.md).* > [4.1.11 / 2018-03-06](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.10...v4.1.11) > ================== > > * Backports fixes to ReDOS vulnerabilities in validator code. > > [4.1.10 / 2018-03-05](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.9...v4.1.10) > ================== > > * Fixed issue [#988](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/988) - edge case in dropping default animation-duration. > * Fixed issue [#989](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/989) - edge case in removing unused at rules. > * Fixed issue [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) - corrupted tokenizer state. > * Fixed issue [#1006](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1006) - edge case in handling invalid source maps. > * Fixed issue [#1008](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1008) - edge case in breaking up `font` shorthand.
Commits - [`7812d59`](https://github.com/jakubpawlowicz/clean-css/commit/7812d591d51543c5a71de9538ef6bab87dbcc8d8) Version 4.1.11. - [`0440b4a`](https://github.com/jakubpawlowicz/clean-css/commit/0440b4acee9d84624dfb66da2956a94ebcf33519) Fixes ReDOS vulnerabilities. - [`c601ebd`](https://github.com/jakubpawlowicz/clean-css/commit/c601ebd71da6320268058087ed049ab3b13aa068) Version 4.1.10. - [`9e0a38e`](https://github.com/jakubpawlowicz/clean-css/commit/9e0a38ea3619c742403a33a8963ed2b33d5f41e6) Fixes [#1006](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1006) - handling invalid input source maps. - [`913d72c`](https://github.com/jakubpawlowicz/clean-css/commit/913d72c4a23a99a8e2de0712bc9fd589c06588eb) Fixes [#1008](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1008) - edge case in breaking up `font`. - [`bedd8a9`](https://github.com/jakubpawlowicz/clean-css/commit/bedd8a9abfa7f3d4432a49870b8f27440aa2f197) Adds [@​abarre](https://github.com/abarre) fix to [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) to release notes. - [`e944a2b`](https://github.com/jakubpawlowicz/clean-css/commit/e944a2bb10ecfa9e4a1e4562c8bcbc75ef410f5d) [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) Fix corrupted state of tokenizer ([#1010](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1010)) - [`8be4084`](https://github.com/jakubpawlowicz/clean-css/commit/8be408426a80443f79570506e4334641a2d540bf) Fixes [#989](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/989) - edge case in removing unused at-rules. - [`21a5df0`](https://github.com/jakubpawlowicz/clean-css/commit/21a5df0496f4c721f2cb14cf5f42b499312efff4) Fixes [#988](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/988) - edge case in dropping `animation-duration`. - See full diff in [compare view](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.9...v4.1.11)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/revivek/oy/network/alerts).