search

wa0x6e / cal-heatmap

Cal-Heatmap is a javascript charting library to create a time-series calendar heatmap
http://cal-heatmap.com
MIT License
2.69k stars 292 forks source link

chore(deps): update dependency postcss to v8.4.31 [security] - autoclosed #389

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 11 months ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.24 -> 8.4.31 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Release Notes

postcss/postcss (postcss) ### [`v8.4.31`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8431) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.30...8.4.31) - Fixed `\r` parsing to fix CVE-2023-44270. ### [`v8.4.30`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8430) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.29...8.4.30) - Improved source map performance (by Romain Menke). ### [`v8.4.29`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8429) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.28...8.4.29) - Fixed `Node#source.offset` (by Ido Rosenthal). - Fixed docs (by Christian Oliff). ### [`v8.4.28`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8428) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.27...8.4.28) - Fixed `Root.source.end` for better source map (by Romain Menke). - Fixed `Result.root` types when `process()` has no parser. ### [`v8.4.27`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8427) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.26...8.4.27) - Fixed `Container` clone methods types. ### [`v8.4.26`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8426) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.25...8.4.26) - Fixed clone methods types. ### [`v8.4.25`](https://togithub.com/postcss/postcss/blob/HEAD/CHANGELOG.md#8425) [Compare Source](https://togithub.com/postcss/postcss/compare/8.4.24...8.4.25) - Improve stringify performance (by Romain Menke). - Fixed docs (by [@​vikaskaliramna07](https://togithub.com/vikaskaliramna07)).

Configuration

šŸ“… Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

šŸš¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.

ā™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

šŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

coveralls commented 11 months ago

Coverage Status

coverage: 95.147%. remained the same when pulling 4644d1dda0b73c0dc667d5b2c50313ce7d7cffb5 on renovate/npm-postcss-vulnerability into 6cb8ddf3b40e8b3f0c5522b89f1c89e4eb7d6981 on master.