Skip to content

chore(deps): Bump postcss from 8.5.8 to 8.5.15 in /tools/visual-chromatic#164

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tools/visual-chromatic/postcss-8.5.15
Open

chore(deps): Bump postcss from 8.5.8 to 8.5.15 in /tools/visual-chromatic#164
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/tools/visual-chromatic/postcss-8.5.15

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 20, 2026
edited by cubic-dev-ai Bot
Loading

Bumps postcss from 8.5.8 to 8.5.15.

Release notes

Sourced from postcss's releases.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits
  • eae46db Release 8.5.15 version
  • 79508ff Update CI actions
  • b128e21 Speed up declaration parsing by avoiding creating new array on each token
  • 9825dca Fix code format
  • 55789c8 Update dependencies
  • 84fbbe9 Install older pnpm action for old Node.js
  • 9f860bd Revert pnpm action for old Node.js
  • 0877198 Update CI actions
  • b2d1a33 Fix linter warnings
  • 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by cubic

Upgrade postcss to 8.5.15 in tools/visual-chromatic to pick up security fixes and parsing performance improvements. This patches XSS and arbitrary file read issues and speeds up declaration parsing.

  • Dependencies
    • postcss 8.5.8 → 8.5.15
    • nanoid 3.3.11 → 3.3.12 (transitive)

Written for commit 1ac606e. Summary will update on new commits. Review in cubic

@dependabot
chore(deps): Bump postcss in /tools/visual-chromatic
1ac606e 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.15.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.15)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added area:ci CI/CD and automation dependencies Dependency updates type:chore Maintenance or housekeeping labels May 20, 2026
@dependabot dependabot Bot requested a review from Prekzursil as a code owner May 20, 2026 00:04
@dependabot dependabot Bot added type:chore Maintenance or housekeeping area:ci CI/CD and automation dependencies Dependency updates labels May 20, 2026
@dependabot dependabot Bot mentioned this pull request May 20, 2026
Closed
@codeant-ai
Copy link
Copy Markdown

codeant-ai Bot commented May 20, 2026

Skipping PR review because a bot author is detected.

If you want to trigger CodeAnt AI, comment @codeant-ai review to trigger a manual review.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 20, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@deepsource-io
Copy link
Copy Markdown

deepsource-io Bot commented May 20, 2026
edited
Loading

DeepSource Code Review

We reviewed changes in 3871476...1ac606e on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
Terraform May 20, 2026 12:04a.m. Review ↗
SQL May 20, 2026 12:04a.m. Review ↗
Rust May 20, 2026 12:04a.m. Review ↗
Shell May 20, 2026 12:04a.m. Review ↗
Ruby May 20, 2026 12:04a.m. Review ↗
PHP May 20, 2026 12:04a.m. Review ↗
Kotlin May 20, 2026 12:04a.m. Review ↗
Swift May 20, 2026 12:04a.m. Review ↗
Scala May 20, 2026 12:04a.m. Review ↗
Python May 20, 2026 12:04a.m. Review ↗
JavaScript May 20, 2026 12:04a.m. Review ↗
Java May 20, 2026 12:04a.m. Review ↗
Go May 20, 2026 12:04a.m. Review ↗
Docker May 20, 2026 12:04a.m. Review ↗
C & C++ May 20, 2026 12:04a.m. Review ↗
Ansible May 20, 2026 12:04a.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed May 20, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Re-trigger cubic

@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented May 20, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@Prekzursil Prekzursil Awaiting requested review from Prekzursil Prekzursil is a code owner

Assignees

No one assigned

Labels

area:ci CI/CD and automation dependencies Dependency updates type:chore Maintenance or housekeeping

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants