bosket
bosket copied to clipboard
Bump clean-css from 4.1.4 to 4.1.11
Bumps clean-css from 4.1.4 to 4.1.11.
Changelog
Sourced from clean-css's changelog.
4.1.11 / 2018-03-06
- Backports fixes to ReDOS vulnerabilities in validator code.
4.1.10 / 2018-03-05
- Fixed issue #988 - edge case in dropping default animation-duration.
- Fixed issue #989 - edge case in removing unused at rules.
- Fixed issue #1001 - corrupted tokenizer state.
- Fixed issue #1006 - edge case in handling invalid source maps.
- Fixed issue #1008 - edge case in breaking up
font
shorthand.4.1.9 / 2017-09-19
- Fixed issue #971 - edge case in removing unused at rules.
4.1.8 / 2017-09-02
- Fixed issue #959 - regression in shortening long hex values.
- Fixed issue #960 - better explanation of
efficiency
stat.- Fixed issue #965 - edge case in parsing comment endings.
- Fixed issue #966 - remote
@import
s referenced from local ones.4.1.7 / 2017-07-14
- Fixed issue #957 -
0%
minification ofwidth
property.4.1.6 / 2017-07-08
- Fixed issue #887 - edge case in serializing comments.
- Fixed issue #953 - beautify breaks attribute selectors.
4.1.5 / 2017-06-29
Commits
-
7812d59
Version 4.1.11. -
0440b4a
Fixes ReDOS vulnerabilities. -
c601ebd
Version 4.1.10. -
9e0a38e
Fixes #1006 - handling invalid input source maps. -
913d72c
Fixes #1008 - edge case in breaking upfont
. -
bedd8a9
Adds @abarre fix to #1001 to release notes. -
e944a2b
#1001 Fix corrupted state of tokenizer (#1010) -
8be4084
Fixes #989 - edge case in removing unused at-rules. -
21a5df0
Fixes #988 - edge case in droppinganimation-duration
. -
5f6cbc6
Version 4.1.9. - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot ignore this [patch|minor|major] version
will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language