Changelog
*Sourced from [clean-css's changelog](https://github.com/jakubpawlowicz/clean-css/blob/master/History.md).*
> [4.1.11 / 2018-03-06](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.10...v4.1.11)
> ==================
>
> * Backports fixes to ReDOS vulnerabilities in validator code.
>
> [4.1.10 / 2018-03-05](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.9...v4.1.10)
> ==================
>
> * Fixed issue [#988](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/988) - edge case in dropping default animation-duration.
> * Fixed issue [#989](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/989) - edge case in removing unused at rules.
> * Fixed issue [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) - corrupted tokenizer state.
> * Fixed issue [#1006](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1006) - edge case in handling invalid source maps.
> * Fixed issue [#1008](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1008) - edge case in breaking up `font` shorthand.
Commits
- [`7812d59`](https://github.com/jakubpawlowicz/clean-css/commit/7812d591d51543c5a71de9538ef6bab87dbcc8d8) Version 4.1.11.
- [`0440b4a`](https://github.com/jakubpawlowicz/clean-css/commit/0440b4acee9d84624dfb66da2956a94ebcf33519) Fixes ReDOS vulnerabilities.
- [`c601ebd`](https://github.com/jakubpawlowicz/clean-css/commit/c601ebd71da6320268058087ed049ab3b13aa068) Version 4.1.10.
- [`9e0a38e`](https://github.com/jakubpawlowicz/clean-css/commit/9e0a38ea3619c742403a33a8963ed2b33d5f41e6) Fixes [#1006](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1006) - handling invalid input source maps.
- [`913d72c`](https://github.com/jakubpawlowicz/clean-css/commit/913d72c4a23a99a8e2de0712bc9fd589c06588eb) Fixes [#1008](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1008) - edge case in breaking up `font`.
- [`bedd8a9`](https://github.com/jakubpawlowicz/clean-css/commit/bedd8a9abfa7f3d4432a49870b8f27440aa2f197) Adds [@abarre](https://github.com/abarre) fix to [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) to release notes.
- [`e944a2b`](https://github.com/jakubpawlowicz/clean-css/commit/e944a2bb10ecfa9e4a1e4562c8bcbc75ef410f5d) [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) Fix corrupted state of tokenizer ([#1010](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1010))
- [`8be4084`](https://github.com/jakubpawlowicz/clean-css/commit/8be408426a80443f79570506e4334641a2d540bf) Fixes [#989](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/989) - edge case in removing unused at-rules.
- [`21a5df0`](https://github.com/jakubpawlowicz/clean-css/commit/21a5df0496f4c721f2cb14cf5f42b499312efff4) Fixes [#988](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/988) - edge case in dropping `animation-duration`.
- See full diff in [compare view](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.9...v4.1.11)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tmedwards/sugarcube-2/network/alerts).
Bumps clean-css from 4.1.9 to 4.1.11.
Changelog
*Sourced from [clean-css's changelog](https://github.com/jakubpawlowicz/clean-css/blob/master/History.md).* > [4.1.11 / 2018-03-06](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.10...v4.1.11) > ================== > > * Backports fixes to ReDOS vulnerabilities in validator code. > > [4.1.10 / 2018-03-05](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.9...v4.1.10) > ================== > > * Fixed issue [#988](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/988) - edge case in dropping default animation-duration. > * Fixed issue [#989](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/989) - edge case in removing unused at rules. > * Fixed issue [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) - corrupted tokenizer state. > * Fixed issue [#1006](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1006) - edge case in handling invalid source maps. > * Fixed issue [#1008](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1008) - edge case in breaking up `font` shorthand.Commits
- [`7812d59`](https://github.com/jakubpawlowicz/clean-css/commit/7812d591d51543c5a71de9538ef6bab87dbcc8d8) Version 4.1.11. - [`0440b4a`](https://github.com/jakubpawlowicz/clean-css/commit/0440b4acee9d84624dfb66da2956a94ebcf33519) Fixes ReDOS vulnerabilities. - [`c601ebd`](https://github.com/jakubpawlowicz/clean-css/commit/c601ebd71da6320268058087ed049ab3b13aa068) Version 4.1.10. - [`9e0a38e`](https://github.com/jakubpawlowicz/clean-css/commit/9e0a38ea3619c742403a33a8963ed2b33d5f41e6) Fixes [#1006](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1006) - handling invalid input source maps. - [`913d72c`](https://github.com/jakubpawlowicz/clean-css/commit/913d72c4a23a99a8e2de0712bc9fd589c06588eb) Fixes [#1008](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1008) - edge case in breaking up `font`. - [`bedd8a9`](https://github.com/jakubpawlowicz/clean-css/commit/bedd8a9abfa7f3d4432a49870b8f27440aa2f197) Adds [@abarre](https://github.com/abarre) fix to [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) to release notes. - [`e944a2b`](https://github.com/jakubpawlowicz/clean-css/commit/e944a2bb10ecfa9e4a1e4562c8bcbc75ef410f5d) [#1001](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1001) Fix corrupted state of tokenizer ([#1010](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/1010)) - [`8be4084`](https://github.com/jakubpawlowicz/clean-css/commit/8be408426a80443f79570506e4334641a2d540bf) Fixes [#989](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/989) - edge case in removing unused at-rules. - [`21a5df0`](https://github.com/jakubpawlowicz/clean-css/commit/21a5df0496f4c721f2cb14cf5f42b499312efff4) Fixes [#988](https://github-redirect.dependabot.com/jakubpawlowicz/clean-css/issues/988) - edge case in dropping `animation-duration`. - See full diff in [compare view](https://github.com/jakubpawlowicz/clean-css/compare/v4.1.9...v4.1.11)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tmedwards/sugarcube-2/network/alerts).