Skip to content

Update dependency postcss to v8.4.31 [SECURITY]#87

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-postcss-vulnerability
Open

Update dependency postcss to v8.4.31 [SECURITY]#87
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-postcss-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 6, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
postcss (source) 8.4.298.4.31 age confidence

PostCSS line return parsing error

CVE-2023-44270 / GHSA-7fh5-64p2-3v2j

More information

Details

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Severity

  • CVSS Score: 5.3 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

postcss/postcss (postcss)

v8.4.31

Compare Source

v8.4.30

Compare Source

  • Improved source map performance (by Romain Menke).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Aug 6, 2024
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Aug 6, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: 55e2522

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from a5cf74a to 1254cbc Compare September 30, 2024 18:59
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 1254cbc to b0dc2af Compare January 23, 2025 17:06
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from b0dc2af to 78a3187 Compare January 30, 2025 18:22
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 78a3187 to e13c141 Compare February 9, 2025 13:11
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from e13c141 to 913b727 Compare March 3, 2025 11:51
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch 2 times, most recently from 999c806 to 1935eb6 Compare March 17, 2025 18:31
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch 2 times, most recently from 467e571 to 2cdfb42 Compare April 8, 2025 10:51
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 2cdfb42 to 8667aa4 Compare May 19, 2025 15:58
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch 2 times, most recently from 9969d32 to 5b323d0 Compare June 4, 2025 06:43
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 5b323d0 to efea569 Compare June 22, 2025 12:31
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from efea569 to 9f0c4a7 Compare July 2, 2025 14:40
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch 2 times, most recently from 4a770a4 to dc9d1d6 Compare August 13, 2025 17:28
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from dc9d1d6 to 27d6eca Compare August 19, 2025 17:49
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 27d6eca to 6016386 Compare September 25, 2025 19:34
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 6016386 to ad9cd3b Compare October 21, 2025 09:16
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from ad9cd3b to 0ac4dc4 Compare November 18, 2025 14:05
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 0ac4dc4 to c4b0beb Compare December 3, 2025 18:40
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from c4b0beb to 318d0b4 Compare December 31, 2025 14:44
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 318d0b4 to 44d5f1c Compare January 19, 2026 16:05
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 44d5f1c to c771e07 Compare March 5, 2026 19:10
@renovate renovate Bot changed the title Update dependency postcss to v8.4.31 [SECURITY] Update dependency postcss to v8.4.31 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-postcss-vulnerability branch March 27, 2026 05:28
@renovate renovate Bot changed the title Update dependency postcss to v8.4.31 [SECURITY] - autoclosed Update dependency postcss to v8.4.31 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from c771e07 to eb7db20 Compare March 30, 2026 17:47
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from eb7db20 to 93d7af0 Compare April 8, 2026 18:52
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch from 93d7af0 to 45a7c77 Compare April 15, 2026 19:17
@renovate renovate Bot changed the title Update dependency postcss to v8.4.31 [SECURITY] Update dependency postcss to v8.4.31 [SECURITY] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title Update dependency postcss to v8.4.31 [SECURITY] - autoclosed Update dependency postcss to v8.4.31 [SECURITY] Apr 27, 2026
@renovate renovate Bot reopened this Apr 27, 2026
@renovate renovate Bot force-pushed the renovate/npm-postcss-vulnerability branch 2 times, most recently from 45a7c77 to 55e2522 Compare April 27, 2026 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants