Bump postcss from 8.4.30 to 8.4.31 #281

Closed

dependabot[bot] wants to merge 1 commits from dependabot/npm_and_yarn/postcss-8.4.31 into main

pull from: dependabot/npm_and_yarn/postcss-8.4.31

merge into: STEMMechanics:main

STEMMechanics:main

STEMMechanics:shift-165916

STEMMechanics:bot/dependency-update

STEMMechanics:shift-161875

STEMMechanics:snyk-fix-f31d077c38ebebf2e47f9e4ff9f09319

STEMMechanics:snyk-upgrade-e53b068752afc78c7fa2d46e2c7a58cd

STEMMechanics:snyk-upgrade-88e45ebed7183eb901ce8cb80e725ded

STEMMechanics:snyk-upgrade-af1e58b3f6fc896105e9531a9433473b

STEMMechanics:snyk-upgrade-af0b55a6b8181b9e26a26a1f1269acdc

STEMMechanics:snyk-fix-9d1cf2462c80b56500d6dbbf3f68f72e

STEMMechanics:inertiajs

STEMMechanics:develop

STEMMechanics:feature/remove-vue

STEMMechanics:shift-91888

STEMMechanics:shift-91885

STEMMechanics:shift-91887

STEMMechanics:media-update

STEMMechanics:dev

Conversation 1 Commits 1 Files Changed 2 +5 -5

dependabot[bot] commented 2023-09-29 00:22:53 +00:00 (Migrated from github.com)

Copy Link

Bumps postcss from 8.4.30 to 8.4.31.

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

Commits

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.30 to 8.4.31. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.4.31</h2> <ul> <li>Fixed <code>\r</code> parsing to fix CVE-2023-44270.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.4.31</h2> <ul> <li>Fixed <code>\r</code> parsing to fix CVE-2023-44270.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/90208de8805dd762596c0028b8637ffbed23e371"><code>90208de</code></a> Release 8.4.31 version</li> <li><a href="https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5"><code>58cc860</code></a> Fix carrier return parsing</li> <li><a href="https://github.com/postcss/postcss/commit/4fff8e4cdc237619df1d73a444c0a8329701c1e2"><code>4fff8e4</code></a> Improve pnpm test output</li> <li><a href="https://github.com/postcss/postcss/commit/cd43ed123274a92ebc13a1e8cccf1d65b8198f84"><code>cd43ed1</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/caa916bdcbf66c51321574e2dde112ab13e8b306"><code>caa916b</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/8972f76923e921a3c9655822382039b31b1c8e1a"><code>8972f76</code></a> Typo</li> <li><a href="https://github.com/postcss/postcss/commit/11a5286f781d2a637f2c545c5e9cd661055acaab"><code>11a5286</code></a> Typo</li> <li>See full diff in <a href="https://github.com/postcss/postcss/compare/8.4.30...8.4.31">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>

dependabot[bot] commented 2023-09-29 01:15:30 +00:00 (Migrated from github.com)

Copy Link

Looks like postcss is up-to-date now, so this is no longer needed.

Looks like postcss is up-to-date now, so this is no longer needed.

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

bug

Something isn't working

dependencies

Pull requests that update a dependency file

documentation

Improvements or additions to documentation

duplicate

This issue or pull request already exists

enhancement

New feature or request

good first issue

Good for newcomers

help wanted

Extra attention is needed

invalid

This doesn't seem right

javascript

Pull requests that update Javascript code

php

Pull requests that update Php code

question

Further information is requested

wontfix

This will not be worked on

No Label dependencies javascript

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

nomadjimbob renovate-bot

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: STEMMechanics/Website#281