[PR #48] [CLOSED] chore(deps-dev): bump postcss from 8.2.8 to 8.2.10 #49

New Issue

Closed

opened 2025-12-01 17:05:44 +01:00 by arthur · 0 comments

arthur commented 2025-12-01 17:05:44 +01:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/ArthurDanjou/website-old/pull/48
Author: @dependabot[bot]
Created: 4/12/2021
Status: ❌ Closed

Base: master ← Head: dependabot/npm_and_yarn/postcss-8.2.10

---

📝 Commits (1)

• a559c17 chore(deps-dev): bump postcss from 8.2.8 to 8.2.10

📊 Changes

2 files changed (+10 additions, -10 deletions)

View changed files

📝 package.json (+1 -1)
📝 yarn.lock (+9 -9)

📄 Description

Bumps postcss from 8.2.8 to 8.2.10.

Release notes

Sourced from postcss's releases.

8.2.10

• Fixed ReDoS vulnerabilities in source map parsing.
• Fixed webpack 5 support (by @​barak007).
• Fixed docs (by @​roelandmoors).

8.2.9

• Exported NodeErrorOptions type (by @​realityking)

Changelog

Sourced from postcss's changelog.

8.2.10

• Fixed ReDoS vulnerabilities in source map parsing.
• Fixed webpack 5 support (by Barak Igal).
• Fixed docs (by Roeland Moors).

8.2.9

• Exported NodeErrorOptions type (by Rouven Weßling).

Commits

• 8395d9f Release 8.2.10 version
• f2baaa7 Update ESLint config
• b6f3e4d Fix unsafe regexp in getAnnotationURL() too
• 4bcd727 Merge pull request #1553 from barak007/patch-2
• 7c2e97a Add covrage ignore on error paths
• 8c58434 Apply suggestions from code review
• ff2fd57 add error for sourcePath
• 8f02bdc disable url based features
• a54d020 Fix browser bundling with webpack 5
• 8682b1e Fix unsafe regexp
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ArthurDanjou/website-old/pull/48 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/12/2021 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/postcss-8.2.10` --- ### 📝 Commits (1) - [`a559c17`](https://github.com/ArthurDanjou/website-old/commit/a559c170f29866d2e733ad9b636e166421b79436) chore(deps-dev): bump postcss from 8.2.8 to 8.2.10 ### 📊 Changes **2 files changed** (+10 additions, -10 deletions) <details> <summary>View changed files</summary> 📝 `package.json` (+1 -1) 📝 `yarn.lock` (+9 -9) </details> ### 📄 Description Bumps [postcss](https://github.com/postcss/postcss) from 8.2.8 to 8.2.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.2.10</h2> <ul> <li>Fixed ReDoS vulnerabilities in source map parsing.</li> <li>Fixed webpack 5 support (by <a href="https://github.com/barak007"><code>@​barak007</code></a>).</li> <li>Fixed docs (by <a href="https://github.com/roelandmoors"><code>@​roelandmoors</code></a>).</li> </ul> <h2>8.2.9</h2> <ul> <li>Exported <code>NodeErrorOptions</code> type (by <a href="https://github.com/realityking"><code>@​realityking</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.2.10</h2> <ul> <li>Fixed ReDoS vulnerabilities in source map parsing.</li> <li>Fixed webpack 5 support (by Barak Igal).</li> <li>Fixed docs (by Roeland Moors).</li> </ul> <h2>8.2.9</h2> <ul> <li>Exported <code>NodeErrorOptions</code> type (by Rouven Weßling).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/8395d9f53efbaae5f3372b6b662a9e9b5b02360b"><code>8395d9f</code></a> Release 8.2.10 version</li> <li><a href="https://github.com/postcss/postcss/commit/f2baaa7e3780bad669814df498e301a47b5307c3"><code>f2baaa7</code></a> Update ESLint config</li> <li><a href="https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5"><code>b6f3e4d</code></a> Fix unsafe regexp in getAnnotationURL() too</li> <li><a href="https://github.com/postcss/postcss/commit/4bcd7276d19511ec9ae01d6471c6417533240668"><code>4bcd727</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/postcss/postcss/issues/1553">#1553</a> from barak007/patch-2</li> <li><a href="https://github.com/postcss/postcss/commit/7c2e97aeaaae1faa65f655c09798101b4bc00a44"><code>7c2e97a</code></a> Add covrage ignore on error paths</li> <li><a href="https://github.com/postcss/postcss/commit/8c5843463041a9e76b9af2b76eb54db5faddde64"><code>8c58434</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/postcss/postcss/commit/ff2fd57f6632436426156be63e696529f5ba0504"><code>ff2fd57</code></a> add error for sourcePath</li> <li><a href="https://github.com/postcss/postcss/commit/8f02bdcf62b820c8927a822fad02ffb6fec779d9"><code>8f02bdc</code></a> disable url based features</li> <li><a href="https://github.com/postcss/postcss/commit/a54d0205ef4c4bb127ccd1eaa807498f0534cdcf"><code>a54d020</code></a> Fix browser bundling with webpack 5</li> <li><a href="https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4"><code>8682b1e</code></a> Fix unsafe regexp</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.2.8...8.2.10">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

arthur added the pull-request label 2025-12-01 17:05:44 +01:00

arthur closed this issue 2025-12-01 17:05:44 +01:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

dependabot/npm_and_yarn/nuxtjs/sentry-7.1.4

dependabot/npm_and_yarn/core-js-3.29.0

dependabot/npm_and_yarn/sass-1.58.3

dependabot/npm_and_yarn/nuxt/content-2.4.3

dependabot/npm_and_yarn/nuxtjs/i18n-7.3.1

dependabot/npm_and_yarn/nuxt-windicss-2.6.0

dependabot/npm_and_yarn/nuxtjs/color-mode-3.2.0

dependabot/npm_and_yarn/sass-loader-13.2.0

dependabot/npm_and_yarn/markdown-it-prism-2.3.0

dependabot/npm_and_yarn/nuxtjs/composition-api-0.33.1

v3

dev

No results found.

Labels

Clear labels

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

arthur

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: arthur/website-old#49