Skip to content

chore(deps): bump postcss from 8.5.8 to 8.5.14 in the npm_and_yarn group across 1 directory#292

Merged
felipefreitag merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-754666cf41
May 8, 2026
Merged

chore(deps): bump postcss from 8.5.8 to 8.5.14 in the npm_and_yarn group across 1 directory#292
felipefreitag merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-754666cf41

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 1 update in the / directory: postcss.

Updates postcss from 8.5.8 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits
  • 3ec1394 Release 8.5.14 version
  • f2bb827 Update dependencies
  • d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
  • 68bd213 fix: always call raw to retrieve raw values
  • af58cf1 Release 8.5.13 version
  • f227dbd Temporary ignore pnpm 11 config
  • d3abd40 Update dependencies
  • dd06c3e Revert stringifier changes because of the conflict with postcss-scss
  • ae889c8 Try to fix CI
  • e0093e4 Move to pnpm 11
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 24, 2026
cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 24, 2026
View reviewed changes

@cubic-dev-ai cubic-dev-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Shadow auto-approve: would auto-approve. Security patch for postcss (8.5.10) fixing an XSS vulnerability and improving source map performance. Low-risk dependency update with no impact on core business logic.

@dependabot dependabot Bot changed the title chore(deps): bump postcss from 8.5.8 to 8.5.10 in the npm_and_yarn group across 1 directory chore(deps): bump postcss from 8.5.8 to 8.5.14 in the npm_and_yarn group across 1 directory May 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-754666cf41 branch 2 times, most recently from 4b257ec to 7e6d085 Compare May 8, 2026 18:26
@dependabot @felipefreitag
chore(deps): bump postcss in the npm_and_yarn group across 1 directory
c8fe709 
Bumps the npm_and_yarn group with 1 update in the / directory: [postcss](https://github.com/postcss/postcss).


Updates `postcss` from 8.5.8 to 8.5.14
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@felipefreitag felipefreitag force-pushed the dependabot/npm_and_yarn/npm_and_yarn-754666cf41 branch from 7e6d085 to c8fe709 Compare May 8, 2026 18:28
@felipefreitag felipefreitag merged commit 40973a7 into main May 8, 2026
10 checks passed
@felipefreitag felipefreitag deleted the dependabot/npm_and_yarn/npm_and_yarn-754666cf41 branch May 8, 2026 18:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@felipefreitag felipefreitag felipefreitag approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@felipefreitag