This repository was archived by the owner on May 13, 2025. It is now read-only.
Open
Conversation
Snyk has created this PR to upgrade postcss from 8.2.10 to 8.3.5. See this package in npm: https://www.npmjs.com/package/postcss See this project in Snyk: https://app.snyk.io/org/hafixo/project/6b0053d6-bdb6-4276-a59d-ccf63d575162?utm_source=github&utm_medium=upgrade-pr
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade postcss from 8.2.10 to 8.3.5.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version fixes:
SNYK-JS-TRIMNEWLINES-1298042
Why? CVSS 7.5
SNYK-JS-NORMALIZEURL-1296539
Why? CVSS 7.5
SNYK-JS-WS-1296835
Why? CVSS 7.5
SNYK-JS-POSTCSS-1255640
Why? CVSS 7.5
SNYK-JS-POSTCSS-1255640
Why? CVSS 7.5
SNYK-JS-POSTCSS-1090595
Why? CVSS 7.5
SNYK-JS-PATHPARSE-1077067
Why? CVSS 7.5
SNYK-JS-GLOBPARENT-1016905
Why? CVSS 7.5
SNYK-JS-CSSWHAT-1298035
Why? CVSS 7.5
SNYK-JS-BROWSERSLIST-1090194
Why? CVSS 7.5
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: postcss
-
8.3.5 - 2021-06-17
- Fixed broken AST detection.
-
8.3.4 - 2021-06-14
- Fixed broken AST detection.
-
8.3.3 - 2021-06-14
- Fixed broken AST on
-
8.3.2 - 2021-06-11
- Update changelog.
-
8.3.1 - 2021-06-09
- Fixed false positives
-
8.3.0 - 2021-05-21
- Tidelift with a Spotify-like subscription model supporting all projects from your lock file.
- Direct donations in PostCSS & Autoprefixer Open Collective.
-
8.2.15 - 2021-05-10
- Fixed
-
8.2.14 - 2021-05-05
- Removed
-
8.2.13 - 2021-04-26
-
8.2.12 - 2021-04-22
-
8.2.11 - 2021-04-22
-
8.2.10 - 2021-04-11
from postcss GitHub release notespostcssdependency duplication in custom parsers.PostCSS does nothingwarning onsyntaxoption.PostCSS 8.3 improved source map parsing performance, added
Node#assign()shortcut, and experimentalDocumentnode to AST.Thanks to Sponsors
This release was possible thanks to our community.
If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:
Source Map Performance
Because PostCSS needs synchronous API, we can’t move from the old `source-map 0.6 to 0.7 (many other open-source projects too).
@ 7rulnik forked
source-map0.6 tosource-map-jsand back-ported performance improvements from 0.7. In 8.3 we switched fromsource-mapto thissource-map-jsfork.You map see 4x performance improvements in parsing map from processing step before PostCSS (for instance, Sass).
DocumentNodesThanks to @ gucong3000, PostCSS already parse CSS from HTML and JS files (CSS-in-JS templates and objects).
But his plugin need big updates. @ hudochenkov from stylelint team decided to create new parsers for styles inside CSS-in-JS, HTML, and Markdown.
He suggested adding new
Documentnode type to PostCSS AST to keep multipleRootnodes inside and JS/HTML/Markdown code blocks between these style blocks.This is an experimental feature. Some aspects of this node could change within minor or patch version releases.
Node#assign()ShortcutThe creator of famous
postcss-preset-envand many other PostCSS tools, @ jonathantneal suggested a nice shortcut to change multiple properties in the node:listtype definitions (by @ n19htz).source-mapfrom client-side bundle (by @ barak007).Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs