Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency postcss to v8.4.47 #140

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 14, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
postcss (source) 8.4.31 -> 8.4.47 age adoption passing confidence

Release Notes

postcss/postcss (postcss)

v8.4.47

Compare Source

  • Removed debug code.

v8.4.46

Compare Source

  • Fixed Cannot read properties of undefined (reading 'before').

v8.4.45

Compare Source

  • Removed unnecessary fix which could lead to infinite loop.

v8.4.44

Compare Source

  • Another way to fix markClean is not a function error.

v8.4.43

Compare Source

  • Fixed markClean is not a function error.

v8.4.42

Compare Source

  • Fixed CSS syntax error on long minified files (by @​varpstar).

v8.4.41

Compare Source

v8.4.40

Compare Source

  • Moved to getter/setter in nodes types to help Sass team (by @​nex3).

v8.4.39

Compare Source

v8.4.38

Compare Source

v8.4.37

Compare Source

  • Fixed original.column are not numbers error in another case.

v8.4.36

Compare Source

  • Fixed original.column are not numbers error on broken previous source map.

v8.4.35

Compare Source

  • Avoid ! in node.parent.nodes type.
  • Allow to pass undefined to node adding method to simplify types.

v8.4.34

Compare Source

  • Fixed AtRule#nodes type (by Tim Weißenfels).
  • Cleaned up code (by Dmitry Kirillov).

v8.4.33

Compare Source

  • Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).
  • Fixed NoWorkResult usage conditions (by @​ahmdammarr).

v8.4.32

Compare Source

  • Fixed postcss().process() types (by Andrew Ferreira).

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Copy link

[puLL-Merge] - postcss/[email protected]

logError 400 This model's maximum context length is 16385 tokens. However, your messages resulted in 51289 tokens. Please reduce the length of the messages.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.35 fix(deps): update dependency postcss to v8.4.36 Mar 21, 2024
Copy link

[puLL-Merge] - postcss/[email protected]

Description

This PR modifies the PostCSS codebase to improve functionality and address some issues. The main changes include modifications to handling of undefined nodes and appending/prepending of nodes, as well as improvements to how warnings are generated for specific properties found in CSS declarations.

Changes

Changes

.github/workflows/test.yml

  • Updated actions for checking out the repository, setting up Node.js, and installing dependencies to newer versions.
  • Added a matrix strategy for Node.js version 20 in the short test job.
  • Removed the --frozen-lockfile option from the pnpm install command.

CHANGELOG.md

  • Added entries for versions 8.4.32 through 8.4.36 detailing various fixes, type improvements, and code cleanups.

.npmignore

  • Added eslint.config.mjs to the npm ignore file.

README.md

  • Updated the URL for Evil Martians' logo.

a/eslint.config.mjs

  • Introduced a new ESLint configuration file using the loguxTsConfig.

lib/at-rule.d.ts, lib/container.d.ts, lib/container.js, lib/declaration.d.ts, lib/document.d.ts, lib/map-generator.js, lib/no-work-result.js, lib/node.d.ts, lib/parser.js, lib/postcss.d.ts, lib/processor.js, lib/root.d.ts, lib/rule.d.ts

  • Made improvements and corrections in types and fixed various issues like NoWorkResult behavior, source map generation inconsistencies, and more.

package.json, pnpm-lock.yaml

  • Updated dependencies versions, some development dependencies, and made changes related to linting and testing configurations.

Security Hotspots

  1. .github/workflows/test.yml: The removal of --frozen-lockfile might introduce risks associated with dependencies not being locked to specific versions, possibly opening doors for dependency confusion attacks or installation of malicious packages.
  2. lib/container.js: Modifications in normalize function to include handling of undefined nodes need a thorough review to ensure that it does not introduce potential security vulnerabilities when manipulating the DOM or rendering content based on these nodes.
  3. lib/map-generator.js: Changes in the source map generation process should be carefully reviewed to prevent potential information disclosure vulnerabilities through source maps that may expose sensitive information in the production environment.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.36 fix(deps): update dependency postcss to v8.4.37 Mar 23, 2024
Copy link

[puLL-Merge] - postcss/[email protected]

Description

This pull request introduces several modifications to the postcss codebase, focusing on how nodes are managed and altered within containers and other related areas. The primary motivation behind these changes is to enhance functionality and address specific issues or inefficiencies within the library.

Changes

Changes

.github/workflows/test.yml

  • Updated actions for pnpm, setup-node, and actions/checkout to their newer versions.
  • Revised the Node.js version used in tests from 20 to 21 and added version 20 to the testing matrix.
  • Removed the --frozen-lockfile flag from pnpm commands.
  • Added eslint.config.mjs to the .npmignore list.

CHANGELOG.md

  • Documented recent fixes and improvements revolving around handling original.column, simplifying types, and enhancing source map support amongst others.

README.md

  • Updated a link for "Evil Martians".

a/eslint.config.mjs (new file)

  • Introduced ESLint configuration with specific rule modifications.

lib/at-rule.d.ts, lib/container.d.ts, lib/container.js, lib/declaration.d.ts, lib/document.d.ts, lib/map-generator.js, lib/no-work-result.js, lib/node.d.ts, lib/parser.js, lib/postcss.d.ts, lib/processor.js, lib/root.d.ts, lib/rule.d.ts

  • These changes appear to primarily involve types and source mapping enhancements. For instance, adjustments were made to handle edge cases in source map generation and various type definitions (for AtRule, Container, etc.) were updated for better clarity and functionality.

Security Hotspots

  1. Usage of External Actions (test.yml) - External GitHub actions such as actions/checkout@v4, pnpm/action-setup@v3, and actions/setup-node@v4 are used. Ensure that these versions are up-to-date and reviewed for security vulnerabilities. [Risk: Low]

  2. External Dependencies (package.json, pnpm-lock.yaml) - The modifications introduce several updated dependencies and their versions. Each external library should be verified for known vulnerabilities using tools like npm audit or Snyk. [Risk: Medium]

  3. Dynamic Code Evaluation (lib/parser.js) and eslint.config.mjs - Ensure that user-provided input is sanitized correctly to avoid injection vulnerabilities, especially when dealing with dynamic code evaluation or linting configurations that could potentially be manipulated. [Risk: Medium]

  4. Error Handling and Logging (lib/no-work-result.js, lib/map-generator.js) - Changes in how errors are handled or logged can inadvertently leak sensitive information or lead to improper error handling. Review these changes to ensure that sensitive information is not logged, and errors are handled correctly. [Risk: Low]

Overall, these changes appear to bring several enhancements and fixes to the postcss library, with a focus on improving source map support, type safety, and developer ergonomics through updated dependencies and tooling. It's important to review these changes thoroughly, especially focusing on the added external dependencies and changes in critical areas like source map generation and error handling, to ensure they do not introduce new vulnerabilities or regressions.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.37 fix(deps): update dependency postcss to v8.4.38 Mar 25, 2024
Copy link

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces improvements and bug fixes related to source maps, security enhancements, and various dependency updates.

Changes

Changes

  • .github/workflows/release.yml: Added a GitHub Actions workflow for automated releases based on tag pushes.
  • .github/workflows/test.yml: Updated the testing workflow with newer versions of dependencies and Node.js runtime. Added a matrix strategy for testing across different Node.js versions.
  • .npmignore: Included eslint.config.mjs to be ignored in npm packages.
  • CHANGELOG.md: Documented changes for versions 8.4.32 to 8.4.38, including fixes and improvements.
  • README.md: Updated the link to Evil Martians' website.
  • eslint.config.mjs: Introduced ESLint configuration in MJS format with specific rulesets.
  • lib/at-rule.d.ts, lib/container.d.ts, lib/declaration.d.ts, lib/document.d.ts, lib/map-generator.js, lib/no-work-result.js, lib/node.d.ts, lib/node.js, lib/parser.js, lib/postcss.d.ts, lib/processor.js, lib/root.d.ts, lib/rule.d.ts: Implemented various typescript definition updates, bug fixes (especially in source map handling), and minor enhancements.
  • package.json, pnpm-lock.yaml: Updated dependencies and project metadata.

Security Hotspots

  1. lib/map-generator.js: Modifications in source map generation should be reviewed to prevent potential information disclosure through source maps. (Medium)
  2. .github/workflows/release.yml & .github/workflows/test.yml: Ensure that the actions and scripts executed by GitHub workflows are from trusted sources to avoid malicious code execution. (Low)
  3. Dependabot changes (pnpm-lock.yaml): Dependency updates should be reviewed to ensure they do not introduce known vulnerabilities. (Medium)

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.38 fix(deps): update dependency postcss to v8.4.39 Jul 3, 2024
Copy link

github-actions bot commented Jul 3, 2024

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces several changes to the PostCSS codebase, including updates to dependencies, improvements to test cases, and modifications to type definitions. The changes aim to enhance functionality, fix potential issues, and improve type safety.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow file for automated releases.
  2. .github/workflows/test.yml:

    • Updated Node.js versions and dependencies for testing.
  3. .npmignore:

    • Added eslint.config.mjs to the ignored files.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.39, detailing various fixes and improvements.
  5. README.md and docs/README-cn.md:

    • Updated links and minor text changes.
  6. docs/plugins.md:

    • Updated various plugin links and descriptions.
  7. eslint.config.mjs:

    • Added a new ESLint configuration file.
  8. lib/at-rule.d.ts:

    • Modified type definitions for AtRule, including changes to the nodes property.
  9. lib/container.d.ts and lib/container.js:

    • Updated type definitions and methods for Container, including handling of undefined values.
  10. lib/css-syntax-error.d.ts:

    • Updated CssSyntaxError to extend Error.
  11. lib/declaration.d.ts:

    • Minor type definition update.
  12. lib/document.d.ts:

    • Added explicit type for nodes property.
  13. lib/map-generator.js:

    • Modified source map generation logic.
  14. lib/no-work-result.js:

    • Updated handling of source maps.
  15. lib/node.d.ts and lib/node.js:

    • Updated type definitions and methods for Node.
  16. lib/postcss.d.ts:

    • Minor type definition update.
  17. lib/processor.js:

    • Updated version number and processing logic.
  18. lib/root.d.ts:

    • Updated type definition for Root.
  19. lib/rule.d.ts:

    • Updated type definitions for Rule.
  20. package.json:

    • Updated version number and dependencies.
  21. Various test files:

    • Added new test cases and updated existing ones to reflect changes in the codebase.

Possible Issues

  1. The changes to source map handling in lib/map-generator.js and lib/no-work-result.js might affect source map generation in some edge cases.
  2. The modifications to type definitions, especially in container and node-related files, might require updates in plugins or projects that depend on these types.

Security Hotspots

No significant security issues were identified in this change set.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.39 fix(deps): update dependency postcss to v8.4.40 Jul 28, 2024
Copy link

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces several changes to the PostCSS codebase, including updates to dependencies, configuration files, and test cases. The main motivations appear to be improving type safety, updating dependencies, and addressing some edge cases in the codebase.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow file for automated releases.
  2. .github/workflows/test.yml:

    • Updated Node.js and pnpm versions.
    • Removed Node.js 16 from the test matrix and added Node.js 20.
  3. .npmignore:

    • Added eslint.config.mjs to the ignore list.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.40.
  5. README.md and docs/README-cn.md:

    • Updated links and minor text changes.
  6. docs/plugins.md:

    • Updated various plugin links.
  7. eslint.config.mjs:

    • Added a new ESLint configuration file.
  8. lib/*.d.ts:

    • Updated type definitions for various components (AtRule, Comment, Container, Declaration, etc.).
    • Improved nullable types and added getter/setter methods.
  9. lib/container.js:

    • Minor refactoring and improvements.
  10. lib/css-syntax-error.d.ts:

    • Updated error class to extend from Error.
  11. lib/map-generator.js:

    • Fixed source map generation issues.
  12. lib/no-work-result.js:

    • Improved handling of source maps.
  13. lib/processor.js:

    • Updated version number.
  14. package.json:

    • Updated dependencies and dev dependencies.
    • Removed explicit ESLint configuration.
  15. test/*.test.ts:

    • Added and updated test cases to reflect changes in the codebase.

Possible Issues

No major issues are apparent in this PR. However, the changes to type definitions and nullability checks might require careful review to ensure they don't introduce unintended side effects.

Security Hotspots

There are no obvious security concerns in this PR. The changes appear to be focused on improving type safety and updating dependencies, which generally enhances security.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.40 fix(deps): update dependency postcss to v8.4.41 Aug 10, 2024
Copy link

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces several changes to the PostCSS codebase, including updates to dependencies, improvements to type definitions, and modifications to various test cases. The changes aim to enhance the functionality, type safety, and test coverage of the library.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new GitHub Actions workflow for releasing.
  2. .github/workflows/test.yml:

    • Updated Node.js versions and dependencies.
  3. .npmignore:

    • Added eslint.config.mjs to ignored files.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.41.
  5. README.md:

    • Updated links and minor text changes.
  6. docs/README-cn.md:

    • Updated links and removed references to deprecated resources.
  7. docs/plugins.md:

    • Updated plugin links and descriptions.
  8. eslint.config.mjs:

    • Added new ESLint configuration file.
  9. lib/*.d.ts:

    • Improved type definitions for various PostCSS classes and interfaces.
  10. lib/container.js:

    • Modified normalize method to handle undefined input.
  11. lib/map-generator.js:

    • Updated source map generation logic.
  12. lib/no-work-result.js:

    • Modified handling of source maps.
  13. lib/postcss.d.ts:

    • Updated type definitions.
  14. lib/processor.js:

    • Updated version number and simplified condition check.
  15. package.json:

    • Updated dependencies and development scripts.
  16. test/*.test.ts:

    • Added and modified test cases to cover new scenarios and edge cases.

Possible Issues

  • The changes to source map handling in lib/map-generator.js and lib/no-work-result.js might affect the generated source maps in some edge cases.

Security Hotspots

None identified.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.41 fix(deps): update dependency postcss to v8.4.42 Sep 4, 2024
Copy link

github-actions bot commented Sep 4, 2024

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces several updates and improvements to the PostCSS codebase. The changes include version updates, dependency updates, code refactoring, and bug fixes. The main motivation appears to be keeping the project up-to-date and improving its functionality and robustness.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow for automated releases based on tags.
  2. .github/workflows/test.yml:

    • Updated Node.js versions and dependencies for CI testing.
  3. .npmignore:

    • Added eslint.config.mjs to the ignore list.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.42, detailing various fixes and improvements.
  5. README.md:

    • Updated sponsorship information and links.
    • Removed reference to a searchable catalog of plugins.
  6. docs/plugins.md:

    • Updated various plugin links and information.
  7. eslint.config.mjs:

    • Added a new ESLint configuration file.
  8. Various TypeScript definition files (.d.ts):

    • Improved type definitions and made them more precise.
    • Added support for optional chaining in some places.
  9. JavaScript files:

    • Refactored and improved various parts of the codebase.
    • Fixed bugs related to source map handling and CSS parsing.
  10. package.json:

    • Updated version to 8.4.42.
    • Updated dependencies and dev dependencies.
  11. test/*.test.ts:

    • Added and updated tests to cover new functionality and edge cases.

Possible Issues

  • The changes to type definitions might cause type errors in projects using PostCSS if they rely on the old definitions.
  • The update to Node.js versions in the CI workflow might affect projects using older Node.js versions.

Security Hotspots

No significant security issues are apparent in this change.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.42 fix(deps): update dependency postcss to v8.4.43 Sep 5, 2024
Copy link

github-actions bot commented Sep 5, 2024

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces several changes and improvements to the PostCSS codebase. The main motivations appear to be updating dependencies, improving type definitions, fixing bugs, and enhancing test coverage.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow for creating releases based on tags.
  2. .github/workflows/test.yml:

    • Updated Node.js versions and dependencies.
  3. .npmignore:

    • Added eslint.config.mjs to ignored files.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.43.
  5. README.md:

    • Updated links and minor text changes.
  6. docs/README-cn.md:

    • Updated links.
  7. docs/plugins.md:

    • Updated various plugin links.
  8. eslint.config.mjs:

    • Added new ESLint configuration file.
  9. Library files (lib/*.d.ts, lib/*.js):

    • Numerous type improvements and bug fixes.
    • Updated dependencies and imports.
    • Code refactoring and optimizations.
  10. package.json:

    • Updated version to 8.4.43.
    • Updated dependencies and dev dependencies.
    • Removed old ESLint configuration.
  11. pnpm-lock.yaml:

    • Updated lock file with new dependencies.
  12. Test files:

    • Added new tests and improved existing ones.
    • Fixed type issues in tests.

Possible Issues

No major issues are apparent, but the extensive changes to type definitions and dependencies may require careful testing to ensure compatibility with existing projects.

Security Hotspots

No significant security issues are evident in this change.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.43 fix(deps): update dependency postcss to v8.4.44 Sep 6, 2024
Copy link

github-actions bot commented Sep 6, 2024

[puLL-Merge] - postcss/[email protected]

Description

This PR includes several updates and improvements to the PostCSS library, including version updates, dependency changes, bug fixes, and enhancements to various components. The main changes include updating the PostCSS version to 8.4.44, upgrading dependencies, improving type definitions, and addressing several issues in different parts of the codebase.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow for releasing on tags.
  2. .github/workflows/test.yml:

    • Updated Node.js versions and dependencies for testing.
  3. package.json:

    • Updated PostCSS version to 8.4.44.
    • Updated dependencies and their versions.
    • Modified scripts and configurations.
  4. lib/ files:

    • Various improvements and bug fixes across multiple files.
    • Enhanced type definitions and interfaces.
    • Improved handling of edge cases and error scenarios.
  5. test/ files:

    • Added new tests and updated existing ones to cover recent changes.
    • Improved test coverage for various components.
  6. Documentation updates:

    • Updated README.md with new information and links.
    • Modified plugin list and documentation.
  7. Configuration files:

    • Added eslint.config.mjs for ESLint configuration.
    • Updated .npmignore.

Possible Issues

  • The changes to dependencies and Node.js versions may require users to update their development environments.
  • Some type definition changes might require adjustments in projects using PostCSS types.

Security Hotspots

No significant security issues were identified in this change set. However, as with any major update, it's advisable to thoroughly test the new version in your specific use cases before deploying to production.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.44 fix(deps): update dependency postcss to v8.4.45 Sep 8, 2024
Copy link

github-actions bot commented Sep 8, 2024

[puLL-Merge] - postcss/[email protected]

Description

This PR introduces several changes and improvements to the PostCSS codebase, including bug fixes, performance enhancements, and updates to dependencies. The main goals appear to be improving the handling of source maps, enhancing error reporting, and refining type definitions.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow for automatic releases based on tags.
  2. .github/workflows/test.yml:

    • Updated Node.js versions and dependencies for testing.
  3. .npmignore:

    • Added eslint.config.mjs to the ignore list.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.45, detailing various bug fixes and improvements.
  5. README.md:

    • Updated links and sponsorship information.
  6. docs/README-cn.md and docs/plugins.md:

    • Updated links and plugin information.
  7. eslint.config.mjs:

    • Added a new ESLint configuration file.
  8. lib/*.d.ts and lib/*.js:

    • Numerous type definition improvements and code refactoring.
    • Enhanced error handling and source map processing.
    • Improved handling of CSS syntax errors.
  9. package.json:

    • Updated dependencies and scripts.
    • Bumped version to 8.4.45.
  10. test/*.test.ts:

    • Added new tests and improved existing ones.
    • Enhanced coverage for edge cases and error scenarios.

Possible Issues

No major issues are apparent in this PR. The changes seem well-tested and improve the overall functionality and maintainability of the project.

Security Hotspots

There are no obvious security concerns introduced by this PR. The changes primarily focus on internal improvements and do not appear to introduce new attack surfaces or vulnerabilities.

@renovate renovate bot changed the title fix(deps): update dependency postcss to v8.4.45 fix(deps): update dependency postcss to v8.4.47 Sep 18, 2024
Copy link

[puLL-Merge] - postcss/[email protected]

Description

This PR makes several updates and improvements to the PostCSS codebase, including upgrading dependencies, refactoring code, fixing bugs, and adding new features. The changes span across multiple files and include modifications to the build process, testing setup, and core functionality.

Changes

Changes

  1. .github/workflows/release.yml:

    • Added a new workflow for automating releases based on tags.
  2. .github/workflows/test.yml:

    • Updated Node.js and pnpm versions.
    • Modified test matrix to include newer Node.js versions.
  3. .npmignore:

    • Added eslint.config.mjs to the ignore list.
  4. CHANGELOG.md:

    • Added entries for versions 8.4.32 to 8.4.47, detailing various bug fixes and improvements.
  5. README.md and docs/README-cn.md:

    • Updated links and sponsor information.
    • Removed references to deprecated resources.
  6. docs/plugins.md:

    • Updated various plugin links and descriptions.
  7. eslint.config.mjs:

    • Added a new ESLint configuration file.
  8. lib/.d.ts and lib/.js:

    • Made numerous type improvements and bug fixes across multiple files.
    • Refactored code for better performance and maintainability.
  9. package.json:

    • Updated version to 8.4.47.
    • Upgraded dependencies to newer versions.
    • Modified scripts and configuration.
  10. test/.test.ts and test/.test.js:

    • Added new tests and updated existing ones to cover recent changes and edge cases.

Possible Issues

  • The changes to the Node.js version requirements in the test workflow may potentially break compatibility with older Node.js versions.

Security Hotspots

No significant security issues were identified in this change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants