postcss-selector-namespace icon indicating copy to clipboard operation
postcss-selector-namespace copied to clipboard

Published 20 hours ago verified publisher icon topaxi

Update dependency postcss to v7.0.36 [SECURITY] - abandoned

Open renovate[bot] opened this issue 4 years ago • 2 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 7.0.17 -> 7.0.36 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-23368

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

Release Notes

postcss/postcss

v7.0.36

Compare Source

  • Backport ReDoS vulnerabilities from PostCSS 8.

v7.0.35

Compare Source

  • Add migration guide link to PostCSS 8 error text.

v7.0.34

Compare Source

  • Fix compatibility with postcss-scss 2.

v7.0.33

Compare Source

  • Add error message for PostCSS 8 plugins.

v7.0.32

Compare Source

v7.0.31

Compare Source

  • Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

v7.0.30

Compare Source

  • Fix TypeScript definition (by Natalie Weizenbaum).

v7.0.29

Compare Source

  • Update Processor#version.

v7.0.28

Compare Source

  • Fix TypeScript definition (by Natalie Weizenbaum).

v7.0.27

Compare Source

  • Fix TypeScript definition (by Natalie Weizenbaum).

v7.0.26

Compare Source

  • Fix TypeScript definition (by Natalie Weizenbaum).

v7.0.25

Compare Source

  • Fix absolute path support for Windows (by Tom Raviv).

v7.0.24

Compare Source

  • Fix TypeScript definition (by Keith Cirkel).

v7.0.23

Compare Source

  • Update Processor#version.

v7.0.22

Compare Source

  • Add funding link for npm fund.

v7.0.21

Compare Source

  • Revert passing nodes property to node constructor.

v7.0.20

Compare Source

  • Allow to pass PostCSS’s nodes in nodes property to node constructor.

v7.0.19

Compare Source

  • Fix passing nodes property to node constructor.

v7.0.18

Compare Source

  • Fix TypeScript type definitions (by Jan Buschtöns).

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar May 15 '21 20:05 renovate[bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate[bot] avatar Mar 25 '23 00:03 renovate[bot]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

renovate[bot] avatar Oct 25 '23 20:10 renovate[bot]