Bump postcss and nuxt

Open dependabot[bot] opened this issue 3 years ago • 0 comments

Bumps postcss to 7.0.39 and updates ancestor dependency nuxt. These dependencies need to be updated together.

Updates postcss from 5.2.18 to 7.0.39

Release notes

7.0.39

Reduce package size.

Backport nanocolors to picocolors migration.

7.0.38

Update Processor#version.

7.0.37

Backport chalk to nanocolors migration.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

Add migration guide link to PostCSS 8 error text.

7.0.34

Fix compatibility with postcss-scss 2.

7.0.33

Add error message for PostCSS 8 plugins.

7.0.32

Fix error message (by @admosity).

7.0.31

Use only the latest source map annotation (by @emzoumpo).

7.0.30

Fix TypeScript definition (by @nex3)

7.0.29

Update Processor#version.

7.0.28

Fix TypeScript definition (by @nex3).

7.0.27

Fix TypeScript definition (by @nex3).

7.0.26

Fix TypeScript definition (by @nex3)

7.0.25

Fix absolute path support for Windows (by @tomrav)

7.0.24

Fix TypeScript definition (by @keithamus).

7.0.23

... (truncated)

Changelog

Sourced from postcss's changelog.

7.0.39

Reduce package size.

Backport nanocolors to picocolors migration.

7.0.38

Update Processor#version.

7.0.37

Backport chalk to nanocolors migration.

7.0.36

Backport ReDoS vulnerabilities from PostCSS 8.

7.0.35

Add migration guide link to PostCSS 8 error text.

7.0.34

Fix compatibility with postcss-scss 2.

7.0.33

Add error message for PostCSS 8 plugins.

7.0.32

Fix error message (by @admosity).

7.0.31

Use only the latest source map annotation (by Emmanouil Zoumpoulakis).

7.0.30

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.29

Update Processor#version.

7.0.28

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.27

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.26

Fix TypeScript definition (by Natalie Weizenbaum).

7.0.25

Fix absolute path support for Windows (by Tom Raviv).

7.0.24

Fix TypeScript definition (by Keith Cirkel).

7.0.23

... (truncated)

Commits

See full diff in compare view

Updates nuxt from 1.4.5 to 2.15.8

Release notes

Sourced from nuxt's releases.

v2.15.8

🐛 Bug Fixes

vue-app

#9460 Don't normalise route path if it's valid

babel

#9631 Loose option for babel private-property-in-object

v2.15.7

🔰 Security advisory

Please upgrade to nuxt@^2.15.7 if using [email protected] or [email protected]

🐛 Bug Fixes

vue-app

#9431 Check whether a route exists within the nuxt app before replacing

v2.15.6

🐛 Bug Fixes

types

#9270 Pin to @types/[email protected] (resolves #9268)

v2.15.5

🐛 Bug Fixes

babel

#9232 Loose option for babel class-properties and private-methods (resolves #9224)

vue-app

#9201 Use route.replace instead of router.push to trigger navigation guards (resolves #9111)

builder

#9153 Resolve aliases in build.watch paths (resolves #9045)

cli

#9152 Add warning for css-loader < 4.2 (resolves #9117)

💖 Thanks to

Thomas Beduneau (@enwin)

@rlam3

v2.15.4

🐛 Bug Fixes

vue-app

#8978 Reload page once after loading chunk error (resolves #3389)

#9008 Fallback to global nuxt instance of $root is not available (resolves #8995)

... (truncated)

Changelog

Sourced from nuxt's changelog.

Release Plan

Starting with version v2.4, Nuxt will adhere to a formalized release plan (as good as possible). Also, an end of life for older major versions is defined with this document.

Major versions (3.x -> 4.0)

Nuxt major releases are planned every 6 months. This depends on a few factors though:

If there are no breaking changes waiting for a release, no new major version will be published. Instead, another minor one will be released

In case of unexpected major updates of important dependencies like Vue, Webpack, and so on, major versions might be released earlier than planned

The goal is to provide a migration guide for each major version as well, as escape hatches, so existing code won't "just break".

Minor versions (2.1 -> 2.2)

The release cycle for Nuxt minor versions is roughly 4 weeks.

Three of the four weeks will be used for actual feature implementations while the last week will be used for testing, fixing bugs and thorough audits.

That also means a feature freeze for the next minor version after these three weeks. Features that aren't ready will be moved to the next cycle. "Waiting" for features (for a longer time) will be avoided as good as possible to keep releases lean, concise, predictable and digestible.

Patch releases (2.2.3 -> 2.2.4)

The last patch releases were mostly bundled fixes or single hotfixes. In the future, fixes will be released as soon as possible after the actual PR/commit so people won't have to switch to nuxt-edge for bugfixes. This should improve the stability of Nuxt.

Fixes can or will include:

Updates of dependencies (for various reasons, like a "faulty/buggy" dependency or an newer versions that works better with the Nuxt code)

Fixes for our code

Bugfixes for upcoming features won't be ported of course.

Edge Release Channel

After experimenting with nuxt-edge releases in the last time, the decision to do nightly releases for now instead of releasing a version after each commit was made.

End of Life

Starting with v2.4, every major Nuxt version will have an End of Life. Previous releases will receive security updates and bugfixes for one year and two weeks, counted from the first release on. As Nuxt majors are approximately released once every 6 months, this will allow developers to "skip one major version" without being stuck with a broken or unsecure Nuxt dependency. The EOL also applies to the documentation.

Commits

d4b9e4b v2.15.8
af1d3e9 chore: skip audit due to outdated lockfile
1ccd151 fix(vue-app): don't normalise route path if it's valid (#9460)
af49199 fix(babel): loose option for babel private-property-in-object (#9631)
4f370e2 v2.15.7
85615a5 fix(vue-app): check whether route exists within nuxt app before replacing (#9...
0eae970 chore(release): v2.15.6
fc5fb58 hotfix: revert feat additions
cd1fc62 chore(deps): update ufo to 0.7.4
a80ddee chore(deps): update all non-major dependencies (#9281)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Oct 05 '22 13:10 dependabot[bot]