build: update dependency postcss to v8.5.12 (21.2.x) - autoclosed #33068
angular-robot wants to merge 1 commit into angular:21.2.x from
See associated pull request for more information.
Code Review
This pull request updates the postcss dependency from version 8.5.6 to 8.5.12 across multiple packages and the lockfile to address security vulnerabilities. While the new version has been added, the lockfile still contains references to the vulnerable version 8.5.6; it is recommended to consolidate the dependency tree, perhaps by running pnpm dedupe, to ensure the older version is completely removed.
| resolution: {integrity: sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==} | ||
| engines: {node: ^10 || ^12 || >=14} | ||
|
|
||
| postcss@8.5.6: |
The lockfile still contains an entry for postcss@8.5.6. Since this update addresses security vulnerabilities (such as arbitrary file read and XSS), it is recommended to ensure that all instances of the vulnerable version are removed from the dependency tree. You may want to check for other packages pinning this version or run pnpm dedupe to consolidate on the patched version.
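The check this comment asks for, as an added example that is not part of the pull request or the project's tooling: a Node.js scan of pnpm-lock.yaml text that lists every resolution of a package below the patched version, together with the snapshot entries that depend on it. It assumes the lockfile v9 layout; the sample lockfile and the example-bundler and example-loader package names are constructed.

```javascript
// Added example: line-based scan of pnpm-lock.yaml text (lockfile v9 layout assumed).
// Numeric x.y.z comparison; compared as strings, "8.5.12" would sort before "8.5.6".
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Returns { staleVersion: [snapshot entries that depend on it] } for every
// resolution of `name` below `patched`. An empty list means no snapshot entry
// references that version in the scanned text.
function findStaleResolutions(lockText, name, patched) {
  const esc = name.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
  const keyRe = new RegExp(`^  '?${esc}@(\\d+\\.\\d+\\.\\d+)[^']*'?:\\s*$`);
  const depRe = new RegExp(`^ {4,}'?${esc}'?: '?(\\d+\\.\\d+\\.\\d+)`);
  const stale = {};
  const bucket = (v) => (stale[v] = stale[v] || []);
  let section = null, entry = null;
  for (const line of lockText.split(/\r?\n/)) {
    const sec = /^(\w+):\s*$/.exec(line);
    if (sec) { section = sec[1]; continue; }
    const top = /^  (\S.*):\s*$/.exec(line);
    if (top) entry = top[1].replace(/^'|'$/g, '');
    const key = keyRe.exec(line);            // package key such as postcss@8.5.6:
    if (key && compareVersions(key[1], patched) < 0) bucket(key[1]);
    const dep = section === 'snapshots' ? depRe.exec(line) : null;
    if (dep && compareVersions(dep[1], patched) < 0) {
      const list = bucket(dep[1]);           // dependency line such as postcss: 8.5.6
      if (!list.includes(entry)) list.push(entry);
    }
  }
  return stale;
}

// Constructed lockfile fragment; example-bundler and example-loader are hypothetical.
const SAMPLE_LOCK = [
  'packages:',
  '  postcss@8.5.12:',
  '  postcss@8.5.6:',
  'snapshots:',
  '  example-bundler@1.0.0:',
  '    dependencies:',
  '      postcss: 8.5.6',
  '  example-loader@2.0.0(postcss@8.5.12):',
  '    dependencies:',
  '      postcss: 8.5.12',
].join('\n');
console.log(findStaleResolutions(SAMPLE_LOCK, 'postcss', '8.5.12'));
```

A non-empty result can fail a CI step, and the listed dependents are the packages to bump or override.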
See associated pull request for more information. Closes #33068 as a pr takeover
This PR contains the following updates:
8.5.6 → 8.5.12
Release Notes
postcss/postcss (postcss)
v8.5.12
opts.unsafeMap to disable checks.
v8.5.11
v8.5.10
</style> in non-bundler cases (by @TharVid).
v8.5.9
v8.5.8
Processor#version.
v8.5.7