build(deps): bump postcss from 8.5.6 to 8.5.14#64
Conversation
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.14. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.6...8.5.14) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.14 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
doistbot
left a comment
doistbot
left a comment
There was a problem hiding this comment.
This pull request updates the postcss dependency to version 8.5.14, which introduces several important security and performance fixes. Keeping build dependencies current is a great way to maintain the security and stability of the project. However, to ensure consistent dependency resolution, the pnpm-lock.yaml file will need to be either regenerated to match the updated package-lock.json or removed entirely.
| "version": "8.5.8", | ||
| "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz", | ||
| "integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==", | ||
| "version": "8.5.14", |
There was a problem hiding this comment.
[P2] This repo currently commits both package-lock.json and pnpm-lock.yaml, but this bump only updates the npm lockfile. pnpm-lock.yaml still resolves postcss@8.5.6, so installs via pnpm will get a different dependency graph and miss this dependency update. Please regenerate pnpm-lock.yaml for the same bump, or remove the extra lockfile so there is a single source of truth.
|
Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request. |
|
Closing — repo migrating to Renovate (see #25). Dependabot disabled. |
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
2 participants
Bumps postcss from 8.5.6 to 8.5.14.
Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
3ec1394Release 8.5.14 versionf2bb827Update dependenciesd75953dMerge pull request #2084 from 43081j/raw-raws-rawing68bd213fix: always callrawto retrieve raw valuesaf58cf1Release 8.5.13 versionf227dbdTemporary ignore pnpm 11 configd3abd40Update dependenciesdd06c3eRevert stringifier changes because of the conflict with postcss-scssae889c8Try to fix CIe0093e4Move to pnpm 11Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.