Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependency cssnano to v5 #323

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update dependency cssnano to v5 #323

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
cssnano devDependencies major ^4.1.10 -> ^5.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.5 CVE-2021-3803 #113

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.5 CVE-2023-34104 #224
High 7.5 CVE-2024-41818 #313
Medium 6.5 CVE-2023-26920 #223

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 7.5 WS-2021-0152 #92
Medium 5.3 CVE-2021-29060 #93

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 5.3 CVE-2021-23364 #79

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 5.3 CVE-2021-23368 #77
Medium 5.3 CVE-2021-23382 #78
Medium 5.3 CVE-2023-44270 #308

Release Notes

cssnano/cssnano (cssnano)

v5.0.0: v5.0.0

Compare Source

Major changes

  • requires Node >= 10.13
  • PostCSS 8 API, so cssnano 5 does not emit warnings when running under PostCSS 8
  • updated to SVGO 2, fixing many SVG minification bugs
  • updated css-value-parser and css-selector-parser, fixing many bugs
Upgrade notes

If you use the cssnano JavaScript API, you need to change your code:

  • Replace cssnano.process() with cssnano().process() (notice the () after cssnano)

  • pass cssnano options to cssnano() instead of process()

cssnano(cssnanoOptions).process(postcssOptions)

Bug fixes

  • fix improperly discarding @font-face declarations #​726
  • partially fix some isues where cssnano did not combine rules when used together with postcss-nested #​1004
  • fix translate3d() minification #​920
  • fix minification of values starting with e #​589, #​984
  • fix minification of percentage vaalues #​962, #​957
  • fix minification of aspect-ratio #​963
  • fix merging of @supports rules #​974
  • fix sorting of longhand and shorthand properties #​535
  • remove vulnerable dependency and always warn with bad SVG input #​1034

v4.1.11

Compare Source

4.1.11

Bug Fixes

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Sep 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants