mpbuild icon indicating copy to clipboard operation
mpbuild copied to clipboard

Published 20 hours ago verified publisher icon ximing

[Snyk] Security upgrade postcss from 7.0.39 to 8.4.31

Open ximing opened this issue 1 year ago • 1 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • packages/mpbuild/package.json
    • packages/mpbuild/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Improper Input Validation
SNYK-JS-POSTCSS-5926692		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: postcss The new version differs by 250 commits.
  • 90208de Release 8.4.31 version
  • 58cc860 Fix carrier return parsing
  • 4fff8e4 Improve pnpm test output
  • cd43ed1 Update dependencies
  • caa916b Update dependencies
  • 8972f76 Typo
  • 11a5286 Typo
  • 45c5501 Release 8.4.30 version
  • bc3c341 Update linter
  • b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--philosophical-spiny-dogfish-3eb029c1c8
  • 6a291d6 apply suggestions from code review
  • efa442c Update lib/map-generator.js
  • de33cf6 improve sourcemap performance
  • 1c6ad25 Highlight banner with lines
  • e10d5c0 More more detailed text below
  • 3ff5f5f Rephrase into
  • 272aae4 Remove old banner
  • 632e876 Update CI actions
  • cfa6cf4 Change EM banner
  • fee5448 Release 8.4.29 version
  • 3360c39 Update dependencies
  • ade4145 Merge pull request #1879 from idoros/ido/fix-location-offset
  • 9a7077b fix: node end offset
  • ce9f6b3 Merge pull request #1875 from coliff/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

ximing avatar Oct 02 '23 10:10 ximing

Seems you are using me but didn't get OPENAI_API_KEY seted in Variables/Secrets for this repo. you could follow readme for more information

cr-gpt[bot] avatar Oct 02 '23 10:10 cr-gpt[bot]