Bump postcss from 7.0.39 to 8.4.40 in /docs #5099

dependabot · 2024-08-01T06:52:52Z

Bumps postcss from 7.0.39 to 8.4.40.

Release notes

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by @tim-we).

Cleaned up code (by @DrKiraDmitry).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by @romainmenke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by @ferreira-tb).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.40

Moved to getter/setter in nodes types to help Sass team (by @nex3).

8.4.39

Fixed CssSyntaxError types (by @romainmenke).

8.4.38

Fixed endIndex: 0 in errors and warnings (by @romainmenke).

8.4.37

Fixed original.column are not numbers error in another case.

8.4.36

Fixed original.column are not numbers error on broken previous source map.

8.4.35

Avoid ! in node.parent.nodes type.

Allow to pass undefined to node adding method to simplify types.

8.4.34

Fixed AtRule#nodes type (by Tim Weißenfels).

Cleaned up code (by Dmitry Kirillov).

8.4.33

Fixed NoWorkResult behavior difference with normal mode (by Romain Menke).

Fixed NoWorkResult usage conditions (by @ahmdammarr).

8.4.32

Fixed postcss().process() types (by Andrew Ferreira).

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

... (truncated)

Commits

3f84b41 Release 8.4.40 version
293ce45 Merge pull request #1950 from nex3/node-getters
fd7ae73 Declare Node subclass attributes as getters
79a6396 Update dependencies
53968d7 Make name more clear
e0efb16 Release 8.4.39 version
48304c5 Update dependencies
155ac57 Merge pull request #1947 from romainmenke/fix-css-syntax-error-type--reliable...
1b9b466 fix CssSyntaxError type declaration
3f4d96e Update dependencies
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.39 to 8.4.40. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

khanhtc1202

Go go go 👍

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.39 to 8.4.40. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: pipecd-bot <[email protected]>

#5126 #5128 #5130 (#5132) * Register otel TracerProvider to send traces (#5029) * Register otel TracerProvider to send traces Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Bump gRPC version Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Upgrade google.golang.org/grpc Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Set fetch-depth to 0 to create correct patches during git cherry-pick as much as possible (#5096) Signed-off-by: Yoshiki Fujikane <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Bump github.com/docker/docker from 24.0.9+incompatible to 26.1.4+incompatible (#5097) * Bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](moby/moby@v24.0.9...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Manually update docker/cli to pass the tests build errors Signed-off-by: khanhtc1202 <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: khanhtc1202 <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: khanhtc1202 <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Bump postcss from 7.0.39 to 8.4.40 in /docs (#5099) Bumps [postcss](https://github.com/postcss/postcss) from 7.0.39 to 8.4.40. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: pipecd-bot <[email protected]> * Use LRUCache for Application Manifests Cache (#5108) * Use LRUCache for Application Manifests Cache Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Use not constant but config value Co-authored-by: Yoshiki Fujikane <[email protected]> Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: Yoshiki Fujikane <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Fix UI dependecies deprecated (#5113) Signed-off-by: khanhtc1202 <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Bump postcss and autoprefixer in /docs (#5114) Bumps [postcss](https://github.com/postcss/postcss) to 8.4.40 and updates ancestor dependency [autoprefixer](https://github.com/postcss/autoprefixer). These dependencies need to be updated together. Updates `postcss` from 7.0.39 to 8.4.40 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) Updates `autoprefixer` from 9.8.8 to 10.4.20 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@9.8.8...10.4.20) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect - dependency-name: autoprefixer dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: pipecd-bot <[email protected]> * fix: upgrade google-protobuf from 3.21.0 to 3.21.4 (#5115) Snyk has created this PR to upgrade google-protobuf from 3.21.0 to 3.21.4. See this package in yarn: google-protobuf See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * fix: upgrade react-markdown from 6.0.2 to 6.0.3 (#5116) Snyk has created this PR to upgrade react-markdown from 6.0.2 to 6.0.3. See this package in yarn: react-markdown See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * fix: tool/actions-gh-release/Dockerfile to reduce vulnerabilities (#5118) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532 - https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532 Signed-off-by: khanhtc1202 <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * fix: upgrade dayjs from 1.8.28 to 1.11.12 (#5126) Snyk has created this PR to upgrade dayjs from 1.8.28 to 1.11.12. See this package in yarn: dayjs See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Bump github.com/docker/docker (#5128) Signed-off-by: pipecd-bot <[email protected]> * Update RELEASE to v0.48.5 (#5130) Signed-off-by: Yoshiki Fujikane <[email protected]> Signed-off-by: pipecd-bot <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: pipecd-bot <[email protected]> Signed-off-by: Yoshiki Fujikane <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: khanhtc1202 <[email protected]> Signed-off-by: t-kikuc <[email protected]> Co-authored-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: Yoshiki Fujikane <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: khanhtc1202 <[email protected]> Co-authored-by: Khanh Tran <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Chris Aniszczyk <[email protected]>

…5116 #51…" This reverts commit b1d9cd0.

…5116 #51…" This reverts commit b1d9cd0. Signed-off-by: Yoshiki Fujikane <[email protected]>

…5116 #51…" (#5135) This reverts commit b1d9cd0. Signed-off-by: Yoshiki Fujikane <[email protected]>

Bumps [postcss](https://github.com/postcss/postcss) from 7.0.39 to 8.4.40. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: pipecd-bot <[email protected]>

) * Set fetch-depth to 0 to create correct patches during git cherry-pick as much as possible (#5096) Signed-off-by: Yoshiki Fujikane <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Bump postcss from 7.0.39 to 8.4.40 in /docs (#5099) Bumps [postcss](https://github.com/postcss/postcss) from 7.0.39 to 8.4.40. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: pipecd-bot <[email protected]> * Use LRUCache for Application Manifests Cache (#5108) * Use LRUCache for Application Manifests Cache Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> * Use not constant but config value Co-authored-by: Yoshiki Fujikane <[email protected]> Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> --------- Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: Yoshiki Fujikane <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Fix UI dependecies deprecated (#5113) Signed-off-by: khanhtc1202 <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * Bump postcss and autoprefixer in /docs (#5114) Bumps [postcss](https://github.com/postcss/postcss) to 8.4.40 and updates ancestor dependency [autoprefixer](https://github.com/postcss/autoprefixer). These dependencies need to be updated together. Updates `postcss` from 7.0.39 to 8.4.40 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@7.0.39...8.4.40) Updates `autoprefixer` from 9.8.8 to 10.4.20 - [Release notes](https://github.com/postcss/autoprefixer/releases) - [Changelog](https://github.com/postcss/autoprefixer/blob/main/CHANGELOG.md) - [Commits](postcss/autoprefixer@9.8.8...10.4.20) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect - dependency-name: autoprefixer dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: pipecd-bot <[email protected]> * fix: upgrade google-protobuf from 3.21.0 to 3.21.4 (#5115) Snyk has created this PR to upgrade google-protobuf from 3.21.0 to 3.21.4. See this package in yarn: google-protobuf See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * fix: upgrade react-markdown from 6.0.2 to 6.0.3 (#5116) Snyk has created this PR to upgrade react-markdown from 6.0.2 to 6.0.3. See this package in yarn: react-markdown See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * fix: tool/actions-gh-release/Dockerfile to reduce vulnerabilities (#5118) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532 - https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-7413532 Signed-off-by: khanhtc1202 <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> * fix: upgrade dayjs from 1.8.28 to 1.11.12 (#5126) Snyk has created this PR to upgrade dayjs from 1.8.28 to 1.11.12. See this package in yarn: dayjs See this project in Snyk: https://app.snyk.io/org/pipecd/project/f41c5767-b506-4f59-beb9-ef662258eb9a?utm_source=github&utm_medium=referral&page=upgrade-pr Signed-off-by: t-kikuc <[email protected]> Co-authored-by: snyk-bot <[email protected]> Signed-off-by: pipecd-bot <[email protected]> --------- Signed-off-by: Yoshiki Fujikane <[email protected]> Signed-off-by: pipecd-bot <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Shinnosuke Sawada-Dazai <[email protected]> Signed-off-by: khanhtc1202 <[email protected]> Signed-off-by: t-kikuc <[email protected]> Co-authored-by: Yoshiki Fujikane <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shinnosuke Sawada-Dazai <[email protected]> Co-authored-by: Khanh Tran <[email protected]> Co-authored-by: snyk-bot <[email protected]> Co-authored-by: Chris Aniszczyk <[email protected]>

dependabot bot requested a review from nghialv as a code owner August 1, 2024 06:52

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Aug 1, 2024

dependabot bot requested review from khanhtc1202, kentakozuka, ffjlabo, t-kikuc and Warashi as code owners August 1, 2024 06:52

khanhtc1202 approved these changes Aug 1, 2024

View reviewed changes

khanhtc1202 enabled auto-merge (squash) August 1, 2024 06:53

t-kikuc approved these changes Aug 1, 2024

View reviewed changes

khanhtc1202 merged commit 0965b3c into master Aug 1, 2024
13 of 15 checks passed

khanhtc1202 deleted the dependabot/npm_and_yarn/docs/postcss-8.4.40 branch August 1, 2024 06:58

github-actions bot mentioned this pull request Aug 2, 2024

Update RELEASE to v0.48.4 #5104

Merged

ffjlabo added cherry-pick v0.48.5 labels Aug 13, 2024

github-actions bot mentioned this pull request Aug 13, 2024

Update RELEASE to v0.48.5 #5130

Merged

github-actions bot mentioned this pull request Aug 13, 2024

Cherry-pick #5029 #5096 #5097 #5099 #5108 #5113 #5114 #5115 #5116 #5118 #5126 #5128 #5130 #5132

Merged

ffjlabo added a commit that referenced this pull request Aug 14, 2024

Revert "Cherry-pick #5029 #5096 #5097 #5099 #5108 #5113 #5114 #5115 #…

bccb7b1

…5116 #51…" This reverts commit b1d9cd0.

ffjlabo added a commit that referenced this pull request Aug 15, 2024

Revert "Cherry-pick #5029 #5096 #5097 #5099 #5108 #5113 #5114 #5115 #…

9ee9fe3

…5116 #51…" This reverts commit b1d9cd0. Signed-off-by: Yoshiki Fujikane <[email protected]>

ffjlabo added the v0.48.6 label Aug 15, 2024

ffjlabo added a commit that referenced this pull request Aug 15, 2024

Revert "Cherry-pick #5029 #5096 #5097 #5099 #5108 #5113 #5114 #5115 #…

49f7ec0

…5116 #51…" (#5135) This reverts commit b1d9cd0. Signed-off-by: Yoshiki Fujikane <[email protected]>

github-actions bot mentioned this pull request Aug 15, 2024

Cherry-pick #5096 #5099 #5108 #5113 #5114 #5115 #5116 #5118 #5126 #5136

Merged

github-actions bot mentioned this pull request Aug 15, 2024

Update to v0.48.6 #5137

Merged

ffjlabo added the v0.48.6-rc0 label Aug 15, 2024

ffjlabo removed the v0.48.6 label Aug 15, 2024

github-actions bot mentioned this pull request Aug 26, 2024

Release v0.48.7 #5157

Merged

This was referenced Sep 3, 2024

Update release to v0.48.8 #5176

Merged

Release v0.48.9 #5205

Merged

github-actions bot mentioned this pull request Sep 24, 2024

Update RELEASE to v0.49.0 #5221

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump postcss from 7.0.39 to 8.4.40 in /docs #5099

Bump postcss from 7.0.39 to 8.4.40 in /docs #5099

dependabot bot commented on behalf of github Aug 1, 2024

khanhtc1202 left a comment

Bump postcss from 7.0.39 to 8.4.40 in /docs #5099

Bump postcss from 7.0.39 to 8.4.40 in /docs #5099

Conversation

dependabot bot commented on behalf of github Aug 1, 2024

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.40

8.4.39

8.4.38

8.4.37

8.4.36

8.4.35

8.4.34

8.4.33

8.4.32

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

khanhtc1202 left a comment

Choose a reason for hiding this comment