Bump postcss from 8.2.9 to 8.2.10 #234

Merged
dependabot[bot] merged 1 commit from dependabot/npm_and_yarn/develop/postcss-8.2.10 into develop 2021-04-12 22:30:03 +02:00
dependabot[bot] commented 2021-04-12 06:20:29 +02:00 (Migrated from github.com)

Bumps postcss from 8.2.9 to 8.2.10.

Release notes

Sourced from postcss's releases.

8.2.10

Changelog

Sourced from postcss's changelog.

8.2.10

  • Fixed ReDoS vulnerabilities in source map parsing.
  • Fixed webpack 5 support (by Barak Igal).
  • Fixed docs (by Roeland Moors).
Commits
  • 8395d9f Release 8.2.10 version
  • f2baaa7 Update ESLint config
  • b6f3e4d Fix unsafe regexp in getAnnotationURL() too
  • 4bcd727 Merge pull request #1553 from barak007/patch-2
  • 7c2e97a Add covrage ignore on error paths
  • 8c58434 Apply suggestions from code review
  • ff2fd57 add error for sourcePath
  • 8f02bdc disable url based features
  • a54d020 Fix browser bundling with webpack 5
  • 8682b1e Fix unsafe regexp
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @Serraniel.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps [postcss](https://github.com/postcss/postcss) from 8.2.9 to 8.2.10. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases">postcss's releases</a>.</em></p> <blockquote> <h2>8.2.10</h2> <ul> <li>Fixed ReDoS vulnerabilities in source map parsing.</li> <li>Fixed webpack 5 support (by <a href="https://github.com/barak007"><code>@​barak007</code></a>).</li> <li>Fixed docs (by <a href="https://github.com/roelandmoors"><code>@​roelandmoors</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md">postcss's changelog</a>.</em></p> <blockquote> <h2>8.2.10</h2> <ul> <li>Fixed ReDoS vulnerabilities in source map parsing.</li> <li>Fixed webpack 5 support (by Barak Igal).</li> <li>Fixed docs (by Roeland Moors).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/8395d9f53efbaae5f3372b6b662a9e9b5b02360b"><code>8395d9f</code></a> Release 8.2.10 version</li> <li><a href="https://github.com/postcss/postcss/commit/f2baaa7e3780bad669814df498e301a47b5307c3"><code>f2baaa7</code></a> Update ESLint config</li> <li><a href="https://github.com/postcss/postcss/commit/b6f3e4d5a8d7504d553267f80384373af3a3dec5"><code>b6f3e4d</code></a> Fix unsafe regexp in getAnnotationURL() too</li> <li><a href="https://github.com/postcss/postcss/commit/4bcd7276d19511ec9ae01d6471c6417533240668"><code>4bcd727</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/postcss/postcss/issues/1553">#1553</a> from barak007/patch-2</li> <li><a href="https://github.com/postcss/postcss/commit/7c2e97aeaaae1faa65f655c09798101b4bc00a44"><code>7c2e97a</code></a> Add covrage ignore on error paths</li> <li><a href="https://github.com/postcss/postcss/commit/8c5843463041a9e76b9af2b76eb54db5faddde64"><code>8c58434</code></a> Apply suggestions from code review</li> <li><a href="https://github.com/postcss/postcss/commit/ff2fd57f6632436426156be63e696529f5ba0504"><code>ff2fd57</code></a> add error for sourcePath</li> <li><a href="https://github.com/postcss/postcss/commit/8f02bdcf62b820c8927a822fad02ffb6fec779d9"><code>8f02bdc</code></a> disable url based features</li> <li><a href="https://github.com/postcss/postcss/commit/a54d0205ef4c4bb127ccd1eaa807498f0534cdcf"><code>a54d020</code></a> Fix browser bundling with webpack 5</li> <li><a href="https://github.com/postcss/postcss/commit/8682b1e4e328432ba692bed52326e84439cec9e4"><code>8682b1e</code></a> Fix unsafe regexp</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.2.9...8.2.10">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=postcss&package-manager=npm_and_yarn&previous-version=8.2.9&new-version=8.2.10)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) Dependabot will merge this PR once CI passes on it, as requested by @Serraniel. [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details>
Serraniel (Migrated from github.com) approved these changes 2021-04-12 22:29:32 +02:00
Serraniel (Migrated from github.com) left a comment

@dependabot merge

@dependabot merge
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Serraniel/AniwatchPlus#234
No description provided.