[Snyk] Upgrade: , , , , cosmiconfig, css-functions-list, debug, micromatch, fast-glob, ignore, known-css-properties, picocolors, postcss, postcss-resolve-nested-selector, postcss-selector-parser, supports-hyperlinks, table #64
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@csstools/css-parser-algorithms
from 2.3.0 to 2.7.1 | 10 versions ahead of your current version | 3 months ago
on 2024-07-06
@csstools/css-tokenizer
from 2.1.1 to 2.4.1 | 11 versions ahead of your current version | 3 months ago
on 2024-07-05
@csstools/media-query-list-parser
from 2.1.2 to 2.1.13 | 11 versions ahead of your current version | 3 months ago
on 2024-07-06
@csstools/selector-specificity
from 3.0.0 to 3.1.1 | 5 versions ahead of your current version | 4 months ago
on 2024-05-13
cosmiconfig
from 8.2.0 to 8.3.6 | 7 versions ahead of your current version | a year ago
on 2023-09-13
css-functions-list
from 3.1.0 to 3.2.2 | 3 versions ahead of your current version | 5 months ago
on 2024-04-22
debug
from 4.3.4 to 4.3.6 | 2 versions ahead of your current version | 2 months ago
on 2024-07-27
micromatch
from 4.0.5 to 4.0.8 | 3 versions ahead of your current version | a month ago
on 2024-08-23
fast-glob
from 3.3.0 to 3.3.2 | 2 versions ahead of your current version | a year ago
on 2023-11-06
ignore
from 5.2.4 to 5.3.2 | 3 versions ahead of your current version | a month ago
on 2024-08-12
known-css-properties
from 0.28.0 to 0.34.0 | 6 versions ahead of your current version | 3 months ago
on 2024-06-18
picocolors
from 1.0.0 to 1.0.1 | 1 version ahead of your current version | 4 months ago
on 2024-05-14
postcss
from 8.4.24 to 8.4.43 | 19 versions ahead of your current version | 21 days ago
on 2024-09-01
postcss-resolve-nested-selector
from 0.1.1 to 0.1.6 | 4 versions ahead of your current version | a month ago
on 2024-08-12
postcss-selector-parser
from 6.0.13 to 6.1.2 | 6 versions ahead of your current version | a month ago
on 2024-08-12
supports-hyperlinks
from 3.0.0 to 3.1.0 | 1 version ahead of your current version | a month ago
on 2024-08-20
table
from 6.8.1 to 6.8.2 | 1 version ahead of your current version | 6 months ago
on 2024-03-26
Issues fixed by the recommended upgrade:
SNYK-JS-BRACES-6838727
SNYK-JS-MICROMATCH-6838728
SNYK-JS-POSTCSS-5926692
Release notes
Package name: @csstools/css-parser-algorithms
Package name: @csstools/css-tokenizer
Package name: @csstools/media-query-list-parser
Package name: @csstools/selector-specificity
Package name: cosmiconfig
8.3.6 (2023-09-13)
Bug Fixes
8.3.5 (2023-09-08)
Bug Fixes
8.3.4 (2023-09-04)
Bug Fixes
8.3.3 (2023-09-03)
Bug Fixes
8.3.2 (2023-09-02)
Bug Fixes
.cjs
extension for sync compiled typescript (0d76a9a)8.3.1 (2023-09-02)
Bug Fixes
stopDir
when undefined (59082e2), closes #3178.3.0 (2023-09-02)
Features
8.2.0
Package name: css-functions-list
Changed
Changed
X|Y|Z
, likerotatex
orrotatey
(rotateX
or
rotateY
) (#4)Added
(#4)
Package name: debug
What's Changed
New Contributors
Full Changelog: 4.3.5...4.3.6
Patch
Thank you @ calvintwr for the fix.
What's Changed
New Contributors
Full Changelog: 4.3.3...4.3.4
Package name: micromatch
Ultimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.
No content.
Resolves #249
… thanks to @ joyceerhl at Microsoft.
See #233 for more details.
Package name: fast-glob
🐛 Bug fixes
This release fixes a regression for cases where the
ignore
option is used with a string (#403, #404).The public interface of this package does not support a string as the value for the
ignore
option since 2018 year (release).So, in the next major release, we will reintroduce method implementations that do not involve strings in the
ignore
option.🚀 Improvements
Method aliases
New methods (
glob
,globSync
,globStream
) have been added in addition to the current methods (default import,sync
,stream
), which eliminate the need to rename the method when importing. In addition, anasync
alias has been added for the default import, which makes it possible to use this packet with ESM.Method to convert paths to globs
A new method (
convertPathToPattern
) has been added in this release to convert a path to a pattern. The primary goal is to enable users to avoid processing Windows paths in each location where this package is used by utilities from third-party packages.See more details in the pull request.
🐛 Bug fixes
baseNameMatch
option was enabled, which went against the documented behavior. (#312)micromatch
package does not correctly generate a regular expression (#365).dot
option enabled when matching paths. Previously, the!**/*
patterns did not exclude hidden files (start with a dot). (#343)['./file.md', 'file.md', '*']
will now only includefile.md
once in the results. (#190)📖 Documentation
A clarifying note has been added for the
concurrency
option, which provides more detailed information about the Thread Pool utilization.⚙️ Infrastructure
🥇 New Contributors
Package name: ignore
5.3.2: fixes #130, fixes consequent escaped backslashes
5.3.1: #108: remove BOM before processing .gitignore rules
5.3.0
Options
interface (#105)An upgrade is safe for all dependents
It allows typing external methods which expect
Options
as a param, by importing theOptions
interface.An upgrade is recommended for all dependents
The following rules could be not properly parsed with previous
ignore
versionsPackage name: known-css-properties
What's Changed
New Contributors
Full Changelog: v0.33.0...v0.34.0
What's Changed
Full Changelog: v0.32.0...v0.33.0
What's Changed
Full Changelog: v0.31.0...v0.32.0
What's Changed
Full Changelog: v0.30.0...v0.31.0
Update properties
Update properties
Update dependencies
Full Changelog: v0.28.0...v0.29.0
Package name: picocolors
What's new?
What's new?
createColors()
in TypeScript typings #34Package name: postcss
markClean is not a function
error.CssSyntaxError
types (by @ romainmenke).endIndex: 0
in errors and warnings (by @ romainmenke).Package name: postcss-resolve-nested-selector
Package name: postcss-selector-parser
6.1.2
6.1.1
6.1.0
sourceIndex
toSelector
nodes (#290)6.0.16
index
argument toeach
/walk
callback types (#289)6.0.15
6.0.14
6.0.13
Package name: supports-hyperlinks
v3.0.0...v3.1.0
Breaking
Improvements
v2.3.0...v3.0.0
Package name: table
6.8.2 (2024-03-26)
Bug Fixes
6.8.1 (2022-11-02)
Bug Fixes
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: