search

uswds / uswds-compile

Simple Gulp 4 functions for copying USWDS static assets and transforming USWDS Sass into browser-readable CSS.
Other
21 stars 12 forks source link

[Snyk] Security upgrade postcss from 8.4.19 to 8.4.31 #72

Closed mejiaj closed 9 months ago

mejiaj commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **551/1000**
**Why?** Recently disclosed, Has a fix available, CVSS 5.3 | Improper Input Validation
[SNYK-JS-POSTCSS-5926692](https://snyk.io/vuln/SNYK-JS-POSTCSS-5926692) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: postcss The new version differs by 155 commits.
  • 90208de Release 8.4.31 version
  • 58cc860 Fix carrier return parsing
  • 4fff8e4 Improve pnpm test output
  • cd43ed1 Update dependencies
  • caa916b Update dependencies
  • 8972f76 Typo
  • 11a5286 Typo
  • 45c5501 Release 8.4.30 version
  • bc3c341 Update linter
  • b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--philosophical-spiny-dogfish-3eb029c1c8
  • 6a291d6 apply suggestions from code review
  • efa442c Update lib/map-generator.js
  • de33cf6 improve sourcemap performance
  • 1c6ad25 Highlight banner with lines
  • e10d5c0 More more detailed text below
  • 3ff5f5f Rephrase into
  • 272aae4 Remove old banner
  • 632e876 Update CI actions
  • cfa6cf4 Change EM banner
  • fee5448 Release 8.4.29 version
  • 3360c39 Update dependencies
  • ade4145 Merge pull request #1879 from idoros/ido/fix-location-offset
  • 9a7077b fix: node end offset
  • ce9f6b3 Merge pull request #1875 from coliff/patch-1
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/uswds/project/84be3c98-ccec-4940-8cb2-fb9bb8838315?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/uswds/project/84be3c98-ccec-4940-8cb2-fb9bb8838315?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"e61451ef-3519-43a3-9527-b29031432230","prPublicId":"e61451ef-3519-43a3-9527-b29031432230","dependencies":[{"name":"postcss","from":"8.4.19","to":"8.4.31"}],"packageManager":"npm","projectPublicId":"84be3c98-ccec-4940-8cb2-fb9bb8838315","projectUrl":"https://app.snyk.io/org/uswds/project/84be3c98-ccec-4940-8cb2-fb9bb8838315?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-POSTCSS-5926692"],"upgrade":["SNYK-JS-POSTCSS-5926692"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[551],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Improper Input Validation](https://learn.snyk.io/lesson/improper-input-validation/?loc=fix-pr)
mejiaj commented 9 months ago

Closed in favor of https://github.com/uswds/uswds-compile/pull/73.