build(deps): bump postcss from 8.5.6 to 8.5.14 #64
dependabot[bot] wants to merge 1 commit into Doist/outline-cli:main from Doist/outline-cli:dependabot/npm_and_yarn/postcss-8.5.14
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.14.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.14)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.14
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
doistbot left a comment
This pull request updates the postcss dependency to version 8.5.14, which introduces several important security and performance fixes. Keeping build dependencies current is a great way to maintain the security and stability of the project. However, to ensure consistent dependency resolution, the pnpm-lock.yaml file will need to be either regenerated to match the updated package-lock.json or removed entirely.
| "version": "8.5.8", | ||
| "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.8.tgz", | ||
| "integrity": "sha512-OW/rX8O/jXnm82Ey1k44pObPtdblfiuWnrd8X7GJ7emImCOstunGbXUpp7HdBrFQX6rJzn3sPT397Wp5aCwCHg==", | ||
| "version": "8.5.14", |
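Review bot: The 8.5.8 entry shown in this hunk does not match the 8.5.6 starting version named in the PR title, and the excerpt ends at the new `"version": "8.5.14"` line, so the updated `resolved` URL and `integrity` hash are not visible here. Before merging, check that all three fields of this entry changed together and that no other postcss entry in package-lock.json is still pinned to an older version.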
[P2] This repo currently commits both package-lock.json and pnpm-lock.yaml, but this bump only updates the npm lockfile. pnpm-lock.yaml still resolves postcss@8.5.6, so installs via pnpm will get a different dependency graph and miss this dependency update. Please regenerate pnpm-lock.yaml for the same bump, or remove the extra lockfile so there is a single source of truth.
Bumps postcss from 8.5.6 to 8.5.14.
Release notes
Sourced from postcss's releases.
Changelog
Sourced from postcss's changelog.
Commits
- 3ec1394 Release 8.5.14 version
- f2bb827 Update dependencies
- d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
- 68bd213 fix: always call `raw` to retrieve raw values
- af58cf1 Release 8.5.13 version
- f227dbd Temporary ignore pnpm 11 config
- d3abd40 Update dependencies
- dd06c3e Revert stringifier changes because of the conflict with postcss-scss
- ae889c8 Try to fix CI
- e0093e4 Move to pnpm 11

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.