react-mapbox-wrapper
chore(deps): [security] bump postcss from 8.2.2 to 8.3.5
Bumps postcss from 8.2.2 to 8.3.5. This update includes security fixes.
Vulnerabilities fixed
Sourced from The GitHub Security Advisory Database.
Regular Expression Denial of Service in postcss
The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Affected versions: >= 8.0.0 < 8.2.10
Sourced from The GitHub Security Advisory Database.
Regular Expression Denial of Service in postcss
The package postcss from 7.0.0 and before 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.
Affected versions: >= 7.0.0 < 8.2.10
Release notes
Sourced from postcss's releases.
8.3.5
- Fixed broken AST detection.
8.3.4
- Fixed broken AST detection.
8.3.3
- Fixed broken AST on postcss dependency duplication in custom parsers.
8.3.2
- Update changelog.
8.3.1
- Fixed false positives "PostCSS does nothing" warning on syntax option.
8.3 “Duke Murmur”
PostCSS 8.3 improved source map parsing performance, added Node#assign() shortcut, and experimental Document node to AST.
Thanks to Sponsors
This release was possible thanks to our community.
If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:
- Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
- Direct donations in PostCSS & Autoprefixer Open Collective.
Source Map Performance
Because PostCSS needs synchronous API, we can’t move from the old source-map 0.6 to 0.7 (many other open-source projects too).
@7rulnik forked source-map 0.6 to source-map-js and back-ported performance improvements from 0.7. In 8.3 we switched from source-map to this source-map-js fork.
You may see 4x performance improvements in parsing map from processing step before PostCSS (for instance, Sass).
Document Nodes
Thanks to @gucong3000, PostCSS already parses CSS from HTML and JS files (CSS-in-JS templates and objects).
But his plugin needs big updates. @hudochenkov from stylelint team decided to create new parsers for styles inside CSS-in-JS, HTML, and Markdown.
... (truncated)
Changelog
Sourced from postcss's changelog.
Change Log
This project adheres to Semantic Versioning.
8.3.4
- Fixed broken AST detection.
8.3.3
- Fixed broken AST on postcss dependency duplication in custom parsers.
8.3.2
- Update changelog.
8.3.1
- Fixed false positives "PostCSS does nothing" warning on syntax option.
8.3 “Duke Murmur”
- Added Node#assign() shortcut (by Jonathan Neal).
- Added experimental Document node to AST (by Aleks Hudochenkov).
- Moved to faster fork of source-map (by Valentin Semirulnik).
8.2.15
- Fixed list type definitions (by @n19htz).
8.2.14
- Removed source-map from client-side bundle (by Barak Igal).
8.2.13
- Fixed ReDoS vulnerabilities in source map parsing (by Yeting Li).
8.2.12
- Fixed package.json exports.
8.2.11
- Fixed DEP0148 warning in Node.js 16.
- Fixed docs (by @semiromid).
8.2.10
- Fixed ReDoS vulnerabilities in source map parsing.
- Fixed webpack 5 support (by Barak Igal).
- Fixed docs (by Roeland Moors).
8.2.9
- Exported NodeErrorOptions type (by Rouven Weßling).
8.2.8
- Fixed browser builds in webpack 4 (by Matt Jones).
8.2.7
- Fixed browser builds in webpack 5 (by Matt Jones).
... (truncated)
Commits
- e3781e9 Release 8.3.5 version
- 9c43841 Update dependencies
- 97d1c84 Set my flag after changing prototype
- 871e549 Merge pull request #1603 from navanshu/main
- d200bf0 Update plugins.md
- bdd4edd Update plugins.md
- c7bae29 Release 8.3.4 version
- 8b4a8b1 Fix Node[my] hack
- 7ea0c9b Release 8.3.3 version
- ff6abab Fix Symbol description
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
If all status checks pass Dependabot will automatically merge this pull request during working hours.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in the .dependabot/config.yml file in this repo:
- Update frequency
- Automerge options (never/patch/minor, and dev/runtime dependencies)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
One of your CI runs failed on this pull request, so Dependabot won't merge it.
Dependabot will still automatically merge this pull request if you amend it and your tests pass.