Bump postcss from 8.4.18 to 8.4.31 in /website #433

dependabot · 2023-10-07T08:02:32Z

Bumps postcss from 8.4.18 to 8.4.31.

Release notes

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by @romainmenke).

8.4.29

Fixed Node#source.offset (by @idoros).

Fixed docs (by @coliff).

8.4.28

Fixed Root.source.end for better source map (by @romainmenke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by @romainmenke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by @remcohaszing).

8.4.21

Fixed Input#error types (by @hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by @romainmenke).

Changelog

Sourced from postcss's changelog.

8.4.31

Fixed \r parsing to fix CVE-2023-44270.

8.4.30

Improved source map performance (by Romain Menke).

8.4.29

Fixed Node#source.offset (by Ido Rosenthal).

Fixed docs (by Christian Oliff).

8.4.28

Fixed Root.source.end for better source map (by Romain Menke).

Fixed Result.root types when process() has no parser.

8.4.27

Fixed Container clone methods types.

8.4.26

Fixed clone methods types.

8.4.25

Improve stringify performance (by Romain Menke).

Fixed docs (by @vikaskaliramna07).

8.4.24

Fixed Plugin types.

8.4.23

Fixed warnings in TypeDoc.

8.4.22

Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

Fixed source map generation for childless at-rules like @layer.

8.4.19

Fixed whitespace preserving after AST transformations (by Romain Menke).

Commits

90208de Release 8.4.31 version
58cc860 Fix carrier return parsing
4fff8e4 Improve pnpm test output
cd43ed1 Update dependencies
caa916b Update dependencies
8972f76 Typo
11a5286 Typo
45c5501 Release 8.4.30 version
bc3c341 Update linter
b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [postcss](https://github.com/postcss/postcss) from 8.4.18 to 8.4.31. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.4.18...8.4.31) --- updated-dependencies: - dependency-name: postcss dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

bridgecrew

Bridgecrew has found errors in this PR ⬇️

bridgecrew · 2023-10-07T08:03:30Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


webpack 5.74.0 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-28154 CRITICAL 9.8 5.76.0 Open

bridgecrew · 2023-10-07T08:03:30Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


trim 0.0.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-7753 HIGH 7.5 0.0.3 Open

bridgecrew · 2023-10-07T08:03:30Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


semver 7.3.8 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


loader-utils 3.2.0 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 2 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-37603 HIGH 7.5 3.2.1 Open

CVE-2022-37599 HIGH 7.5 3.2.1 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


json5 2.2.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-46175 HIGH 8.8 2.2.2 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


eta 1.12.3 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25967 HIGH 8.8 2.0.0 Open

CVE-2023-23630 MEDIUM 6.1 2.0.0 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


got 9.6.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-33987 MEDIUM 5.3 12.1.0 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


semver 5.7.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


@sideway/formula 3.0.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-25166 MEDIUM 5.5 3.0.1 Open

bridgecrew · 2023-10-07T08:03:31Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


semver 6.3.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

nitrocode · 2023-10-27T15:20:00Z

@dependabot rebase

dependabot · 2023-10-27T15:20:03Z

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

dependabot · 2023-10-27T15:20:51Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

nitrocode · 2023-10-27T15:51:16Z

@dependabot rebase

dependabot · 2023-10-27T15:51:18Z

The dependabot.yml entry that created this PR has been deleted so this PR can't be rebased. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

…4.31

bridgecrew · 2023-10-27T15:53:04Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


webpack 5.74.0 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-28154 CRITICAL 9.8 5.76.0 Open

bridgecrew · 2023-10-27T15:53:05Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


trim 0.0.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2020-7753 HIGH 7.5 0.0.3 Open

bridgecrew · 2023-10-27T15:53:06Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


semver 7.3.8 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

bridgecrew · 2023-10-27T15:53:07Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


loader-utils 3.2.0 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 2 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-37599 HIGH 7.5 3.2.1 Open

CVE-2022-37603 HIGH 7.5 3.2.1 Open

bridgecrew · 2023-10-27T15:53:08Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


json5 2.2.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-46175 HIGH 8.8 2.2.2 Open

bridgecrew · 2023-10-27T15:53:09Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


http-cache-semantics 4.1.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25881 HIGH 7.5 4.1.1 Open

bridgecrew · 2023-10-27T15:53:10Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


loader-utils 2.0.3 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 2 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-37599 HIGH 7.5 2.0.4 Open

CVE-2022-37603 HIGH 7.5 2.0.4 Open

bridgecrew · 2023-10-27T15:53:11Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


eta 1.12.3 / package-lock.json

Total vulnerabilities: 2

Critical: 0 High: 1 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25967 HIGH 8.8 2.0.0 Open

CVE-2023-23630 MEDIUM 6.1 2.0.0 Open

bridgecrew · 2023-10-27T15:53:12Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


got 9.6.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-33987 MEDIUM 5.3 12.1.0 Open

bridgecrew · 2023-10-27T15:53:13Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


semver 5.7.1 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

bridgecrew · 2023-10-27T15:53:14Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


@babel/traverse 7.20.1 / package-lock.json

Total vulnerabilities: 1

Critical: 1 High: 0 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-45133 CRITICAL 9.3 7.23.2 Open

bridgecrew · 2023-10-27T15:53:15Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


@sideway/formula 3.0.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 0 Medium: 1 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2023-25166 MEDIUM 5.5 3.0.1 Open

bridgecrew · 2023-10-27T15:53:18Z

website/package-lock.json

-      "version": "3.3.4",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.4.tgz",
-      "integrity": "sha512-MqBkQh/OHTS2egovRtLk45wEyNXwF+cokD+1YPf9u5VfJiRdAiRwB2froX5Co9Rh20xs4siNPm8naNotSD6RBw==",
+      "version": "3.3.6",


semver 6.3.0 / package-lock.json

Total vulnerabilities: 1

Critical: 0 High: 1 Medium: 0 Low: 0

Vulnerability ID Severity CVSS Fixed in Status

CVE-2022-25883 HIGH 7.5 7.5.2 Open

nitrocode · 2023-10-29T04:49:54Z

@dependabot rebase

dependabot · 2023-10-29T04:49:57Z

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

nitrocode · 2023-10-31T11:08:38Z

@dependabot recreate

dependabot · 2023-10-31T11:08:42Z

The dependabot.yml entry that created this PR has been deleted so this PR can't be recreated. Please close the PR so Dependabot can create a new one with the current dependabot.yml.

dependabot bot requested review from a team as code owners October 7, 2023 08:02

dependabot bot added the dependencies label Oct 7, 2023

dependabot bot requested a review from johncblandii October 7, 2023 08:02

dependabot bot added the javascript label Oct 7, 2023

dependabot bot requested a review from nitrocode October 7, 2023 08:02

dependabot bot temporarily deployed to preview October 7, 2023 08:02 Inactive

bridgecrew bot reviewed Oct 7, 2023

View reviewed changes

nitrocode closed this Oct 27, 2023

dependabot bot deleted the dependabot/npm_and_yarn/website/postcss-8.4.31 branch October 27, 2023 15:20

nitrocode restored the dependabot/npm_and_yarn/website/postcss-8.4.31 branch October 27, 2023 15:50

nitrocode reopened this Oct 27, 2023

nitrocode temporarily deployed to preview October 27, 2023 15:50 — with GitHub Actions Inactive

Merge branch 'master' into dependabot/npm_and_yarn/website/postcss-8.…

7a4d124

…4.31

nitrocode temporarily deployed to preview October 27, 2023 15:52 — with GitHub Actions Inactive

bridgecrew bot reviewed Oct 27, 2023

View reviewed changes

nitrocode added the no-release Do not create a new release (wait for additional code changes) label Oct 29, 2023

nitrocode closed this Oct 31, 2023

dependabot bot deleted the dependabot/npm_and_yarn/website/postcss-8.4.31 branch October 31, 2023 11:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump postcss from 8.4.18 to 8.4.31 in /website #433

Bump postcss from 8.4.18 to 8.4.31 in /website #433

dependabot bot commented on behalf of github Oct 7, 2023

bridgecrew bot left a comment

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

bridgecrew bot Oct 7, 2023

nitrocode commented Oct 27, 2023

dependabot bot commented on behalf of github Oct 27, 2023

dependabot bot commented on behalf of github Oct 27, 2023

nitrocode commented Oct 27, 2023

dependabot bot commented on behalf of github Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

bridgecrew bot Oct 27, 2023

nitrocode commented Oct 29, 2023

dependabot bot commented on behalf of github Oct 29, 2023

nitrocode commented Oct 31, 2023

dependabot bot commented on behalf of github Oct 31, 2023

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-37603	HIGH	7.5	`3.2.1`	Open
CVE-2022-37599	HIGH	7.5	`3.2.1`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-25967	HIGH	8.8	`2.0.0`	Open
CVE-2023-23630	MEDIUM	6.1	`2.0.0`	Open

Vulnerability ID	Severity	CVSS	Fixed in	Status
CVE-2022-37599	HIGH	7.5	`2.0.4`	Open
CVE-2022-37603	HIGH	7.5	`2.0.4`	Open

Bump postcss from 8.4.18 to 8.4.31 in /website #433

Bump postcss from 8.4.18 to 8.4.31 in /website #433

Conversation

dependabot bot commented on behalf of github Oct 7, 2023

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.21

8.4.20

8.4.19

8.4.31

8.4.30

8.4.29

8.4.28

8.4.27

8.4.26

8.4.25

8.4.24

8.4.23

8.4.22

8.4.21

8.4.20

8.4.19

bridgecrew bot left a comment

Choose a reason for hiding this comment

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

webpack 5.74.0 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

trim 0.0.1 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

semver 7.3.8 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

loader-utils 3.2.0 / package-lock.json

Total vulnerabilities: 2

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

json5 2.2.1 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

eta 1.12.3 / package-lock.json

Total vulnerabilities: 2

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

got 9.6.0 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

semver 5.7.1 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

@sideway/formula 3.0.0 / package-lock.json

Total vulnerabilities: 1

bridgecrew bot Oct 7, 2023

Choose a reason for hiding this comment

semver 6.3.0 / package-lock.json

Total vulnerabilities: 1

nitrocode commented Oct 27, 2023

dependabot bot commented on behalf of github Oct 27, 2023

dependabot bot commented on behalf of github Oct 27, 2023

nitrocode commented Oct 27, 2023

dependabot bot commented on behalf of github Oct 27, 2023

bridgecrew bot Oct 27, 2023

Choose a reason for hiding this comment

webpack 5.74.0 / package-lock.json