design-systems-cli icon indicating copy to clipboard operation
design-systems-cli copied to clipboard
verified publisher icon intuit

Update dependency postcss to v7.0.36 [SECURITY] - abandoned

Open renovate[bot] opened this issue 4 years ago • 2 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 7.0.32 -> 7.0.36 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2021-23368

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

CVE-2021-23382

The package postcss versions before 7.0.36 or between 8.0.0 and 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /*\s* sourceMappingURL=(.*).

Release Notes

postcss/postcss

v7.0.36

Compare Source

  • Backport ReDoS vulnerabilities from PostCSS 8.

v7.0.35

Compare Source

  • Add migration guide link to PostCSS 8 error text.

v7.0.34

Compare Source

  • Fix compatibility with postcss-scss 2.

v7.0.33

Compare Source

  • Add error message for PostCSS 8 plugins.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar May 11 '21 08:05 renovate[bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

renovate[bot] avatar Mar 24 '23 22:03 renovate[bot]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.

renovate[bot] avatar Sep 22 '23 01:09 renovate[bot]