snowdensb / vets-website

Frontend for VA.gov
Creative Commons Zero v1.0 Universal

Update dependency cssnano to v5 #323

Open mend-for-github-com[bot] opened 1 week ago

mend-for-github-com[bot] commented 1 week ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| cssnano | devDependencies | major | `^4.1.10` -> `^5.0.0` |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| High | 7.5 | CVE-2021-3803 | #113 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| High | 7.5 | CVE-2023-34104 | #224 |
| High | 7.5 | CVE-2024-41818 | #313 |
| Medium | 6.5 | CVE-2023-26920 | #223 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| High | 7.5 | WS-2021-0152 | #92 |
| Medium | 5.3 | CVE-2021-29060 | #93 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| Medium | 5.3 | CVE-2021-23364 | #79 |

By merging this PR, the below issues will be automatically resolved and closed:

| Severity | CVSS Score | CVE | GitHub Issue |
|---|---|---|---|
| Medium | 5.3 | CVE-2021-23368 | #77 |
| Medium | 5.3 | CVE-2021-23382 | #78 |
| Medium | 5.3 | CVE-2023-44270 | #308 |

Release Notes

cssnano/cssnano (cssnano)

### [`v5.0.0`](https://togithub.com/cssnano/cssnano/releases/tag/cssnano%405.0.0): v5.0.0

[Compare Source](https://togithub.com/cssnano/cssnano/compare/v4.1.11...cssnano@5.0.0)

#### Major changes

- requires Node >= 10.13
- PostCSS 8 API, so cssnano 5 does not emit warnings when running under PostCSS 8
- updated to SVGO 2, fixing many SVG minification bugs
- updated css-value-parser and css-selector-parser, fixing many bugs

##### Upgrade notes

If you use the cssnano JavaScript API, you need to change your code:

- Replace `cssnano.process()` with `cssnano().process()` (notice the `()` after `cssnano`)
- pass cssnano options to `cssnano()` instead of `process()`

```js
cssnano(cssnanoOptions).process(postcssOptions)
```

#### Bug fixes

- fix improperly discarding `@font-face` declarations [#726](https://togithub.com/cssnano/cssnano/issues/726)
- partially fix some issues where cssnano did not combine rules when used together with `postcss-nested` [#1004](https://togithub.com/cssnano/cssnano/issues/1004)
- fix `translate3d()` minification [#920](https://togithub.com/cssnano/cssnano/issues/920)
- fix minification of values starting with `e` [#589](https://togithub.com/cssnano/cssnano/issues/958), [#984](https://togithub.com/cssnano/cssnano/issues/984)
- fix minification of percentage values [#962](https://togithub.com/cssnano/cssnano/issues/962), [#957](https://togithub.com/cssnano/cssnano/issues/957)
- fix minification of `aspect-ratio` [#963](https://togithub.com/cssnano/cssnano/issues/963)
- fix merging of `@supports` rules [#974](https://togithub.com/cssnano/cssnano/issues/974)
- fix sorting of longhand and shorthand properties [#535](https://togithub.com/cssnano/cssnano/issues/535)
- remove vulnerable dependency and always warn with bad SVG input [#1034](https://togithub.com/cssnano/cssnano/pull/1034)

### [`v4.1.11`](https://togithub.com/cssnano/cssnano/releases/tag/v4.1.11)

[Compare Source](https://togithub.com/cssnano/cssnano/compare/v4.1.10...v4.1.11)

### 4.1.11

#### Bug Fixes

- fix [CVE-2021-28092](https://nvd.nist.gov/vuln/detail/CVE-2021-28092)