Bump postcss and @vue/cli-service

[dependabot[bot]]

Bumps postcss to 7.0.39 and updates ancestor dependency @vue/cli-service. These dependencies need to be updated together.

Updates postcss from 6.0.23 to 7.0.39

Release notes

Sourced from postcss's releases.

7.0.39

• Reduce package size.
• Backport nanocolors to picocolors migration.

7.0.38

• Update Processor#version.

7.0.37

• Backport chalk to nanocolors migration.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.32

• Fix error message (by @​admosity).

7.0.31

• Use only the latest source map annotation (by @​emzoumpo).

7.0.30

• Fix TypeScript definition (by @​nex3)

7.0.29

• Update Processor#version.

7.0.28

• Fix TypeScript definition (by @​nex3).

7.0.27

• Fix TypeScript definition (by @​nex3).

7.0.26

• Fix TypeScript definition (by @​nex3)

7.0.25

• Fix absolute path support for Windows (by @​tomrav)

7.0.24

• Fix TypeScript definition (by @​keithamus).

7.0.23

... (truncated)

Changelog

Sourced from postcss's changelog.

7.0.39

• Reduce package size.
• Backport nanocolors to picocolors migration.

7.0.38

• Update Processor#version.

7.0.37

• Backport chalk to nanocolors migration.

7.0.36

• Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

• Add migration guide link to PostCSS 8 error text.

7.0.34

• Fix compatibility with postcss-scss 2.

7.0.33

• Add error message for PostCSS 8 plugins.

7.0.32

• Fix error message (by @​admosity).

7.0.31

• Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

7.0.30

• Fix TypeScript definition (by Natalie Weizenbaum).

7.0.29

• Update Processor#version.

7.0.28

• Fix TypeScript definition (by Natalie Weizenbaum).

7.0.27

• Fix TypeScript definition (by Natalie Weizenbaum).

7.0.26

• Fix TypeScript definition (by Natalie Weizenbaum).

7.0.25

• Fix absolute path support for Windows (by Tom Raviv).

7.0.24

• Fix TypeScript definition (by Keith Cirkel).

7.0.23

... (truncated)

Commits

• e17c1ef Release 7.0.39 version
• 6791bd3 Reduce npm package
• 44c581a Replace nanocolors with picocolors
• 8ba21fd Remove eslint-ci
• 3994c4a Release 7.0.38 version
• 6944e1d Remove development keys from package.json
• 4dd0af0 Release 7.0.37 version
• 8408eb4 Add compilation step
• 0c68063 Move tests to GitHub Actions
• 98b61ba Replace chalk to nanocolors
• Additional commits viewable in compare view

Updates @vue/cli-service from 3.0.3 to 3.12.1

Release notes

Sourced from @​vue/cli-service's releases.

v3.12.1

Regarding recent patch releases of Vue CLI v4, we are not fixing bugs in v4 itself, but for v3 compatibility actually (to be more specific, for the vue add router and vue add vuex commands in the older CLI versions, user projects are not likely affected). We still recommend all users to upgrade to v4 early.

This is because we've made a mistake in implementing the version check mechanism of core plugins in v3. As we expect to bring users the latest and best practices for their projects, we always use the latest versions of the core plugins for scaffolding. This, however, became a burden when we bump the major versions. During the RC phase, the version check logic wasn't triggered, thus we failed to spot this problem early enough.

Luckily, few breaking changes have been made in v4 regarding the scaffolding part, so most users are not affected. The main issues are due to the changed locations of router and vuex templates. But as the usage varies (scaffolding via Vue CLI UI / command line; calling CLI v4 in v3 projects; calling CLI v3 in v4 projects, etc.), it took us several patches to fully address these issues. We are now also releasing this patch version in v3 so that users who are not confident enough to upgrade their workflow to v4 can have a more backward-compatible CLI to use.

---

:bug: Bug Fix

• @vue/cli
  • #4712 fix(v3): do not install core plugins that have major version bumps (@​sodatea)

Committers: 1

• Haoqun Jiang (@​sodatea)

v3.12.0

:rocket: New Features

• @vue/cli-service
  • #4662 Support sass-loader v8 (@​sodatea)

:bug: Bug Fix

• @vue/cli-service
  • #4666 fix: fix redundant log messages from webpack-dev-server (@​sodatea)
  • #4613 fix: correctly ignore html templates in copy-webpack-plugin (@​sodatea)
  • #4550 fix: should not proxy sockjs endpoint (@​sodatea)
  • #4654 fix: fix ie11 compatibility when css.extract set to true (@​sodatea)
• @vue/cli-shared-utils
  • #4512 fix(pluginResolution): support dots in scope names (@​ma-jahn)
• @vue/cli
  • #4525 fix: remove the nonexistent test command from generated README (@​cexbrayat)

:memo: Documentation

• @vue/cli
  • #4551 docs: remove run for yarn commands in readme (@​cexbrayat)
• Other
  • #4561 Edited Dockerfile of Docker(Nginx) deployment doc (@​vahdet)
  • #4500 Documentation typo fixes (@​owanhunte)

Committers: 6

• Cédric Exbrayat (@​cexbrayat)
• Haoqun Jiang (@​sodatea)
• Marcel Jahn (@​ma-jahn)
• Natalia Tepluhina (@​NataliaTepluhina)
• Owan Hunte (@​owanhunte)
• vahdet (@​vahdet)

v3.11.0

:rocket: New Features

... (truncated)

Changelog

Sourced from @​vue/cli-service's changelog.

3.12.1 (2019-10-18)

:bug: Bug Fix

• @vue/cli
  • #4712 fix(v3): do not install core plugins that have major version bumps (@​sodatea)

Committers: 1

• Haoqun Jiang (@​sodatea)

3.12.0 (2019-10-10)

:rocket: New Features

• @vue/cli-service
  • #4662 [v3] Support sass-loader v8 (@​sodatea)

:bug: Bug Fix

• @vue/cli-service
  • #4666 fix: fix redundant log messages from webpack-dev-server (@​sodatea)
  • #4613 fix: correctly ignore html templates in copy-webpack-plugin (@​sodatea)
  • #4550 fix: should not proxy sockjs endpoint (@​sodatea)
  • #4654 fix: fix ie11 compatibility when css.extract set to true (@​sodatea)
• @vue/cli-shared-utils
  • #4512 fix(pluginResolution): support dots in scope names (@​ma-jahn)
• @vue/cli
  • #4525 fix: remove the nonexistent test command from generated README (@​cexbrayat)

:memo: Documentation

• @vue/cli
  • #4551 docs: remove run for yarn commands in readme (@​cexbrayat)
• Other
  • #4561 Edited Dockerfile of Docker(Nginx) deployment doc (@​vahdet)
  • #4500 Documentation typo fixes (@​owanhunte)

Committers: 6

• Cédric Exbrayat (@​cexbrayat)
• Haoqun Jiang (@​sodatea)
• Marcel Jahn (@​ma-jahn)
• Natalia Tepluhina (@​NataliaTepluhina)
• Owan Hunte (@​owanhunte)
• vahdet (@​vahdet)

3.11.0 (2019-08-21)

:rocket: New Features

• @vue/cli-service
  • #4468 feat: bump default less-loader version (@​sodatea)

... (truncated)

Commits

• 0817e6d v3.12.1
• 57c6f03 v3.12.0
• 6c0f2ce chore: pre release sync
• 96641cd fix: fix redundant log messages from webpack-dev-server (#4666)
• a3225ac fix: correctly ignore html templates in copy-webpack-plugin (#4613)
• 7554764 fix: should not proxy sockjs endpoint (#4550)
• 02859cf feat: support sass-loader v8 (#4662)
• 0b254a3 fix: fix ie11 compatibility when css.extract set to true (#4654)
• 9272ead v3.11.0
• 7cc0ccf chore: pre release sync
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.