Skip to content

chore(deps-dev): bump postcss from 8.5.10 to 8.5.11#92

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.10
Open

chore(deps-dev): bump postcss from 8.5.10 to 8.5.11#92
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 4, 2026

Copy link
Copy Markdown

Bumps postcss from 8.5.10 to 8.5.11.

Release notes

Sourced from postcss's releases.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).
Changelog

Sourced from postcss's changelog.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).
Commits
  • 2502f75 Release 8.5.11 version
  • 5ca1901 Speed up parsing many nested brackets
  • 42b5337 Update dependencies
  • 7e36e15 Cache node.raws locally in Stringifier hot methods
  • 8ec62b1 Bypass MapGenerator for no-source-map stringify in LazyResult
  • See full diff in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.


This change is Reviewable

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 4, 2026
@snyk-io

snyk-io Bot commented May 4, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@socket-security

socket-security Bot commented May 4, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednanoid@​3.3.7 ⏵ 5.1.5100100 +280 -188100
Addedignore@​7.0.59910010080100
Addedfind-up@​7.0.010010010081100
Addedsource-map-support@​0.5.219910010083100
Addeddotenv@​17.2.39910010091100

View full report

@dependabot dependabot Bot changed the title chore(deps): bump postcss from 6.0.23 to 8.5.10 chore(deps-dev): bump postcss from 8.5.10 to 8.5.11 May 10, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/postcss-8.5.10 branch 2 times, most recently from 5b7c562 to 9e859f9 Compare May 12, 2026 16:32
@kilo-code-bot

kilo-code-bot Bot commented May 12, 2026

Copy link
Copy Markdown

Kilo Code Review could not run — your account is out of credits.

Add credits or switch to a free model to enable reviews on this change.

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/postcss-8.5.10 branch from 9e859f9 to e8ac5b0 Compare May 23, 2026 16:33
@snyk-io

snyk-io Bot commented May 23, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
🔚 Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Bumps [postcss](https://github.com/postcss/postcss) from 8.5.10 to 8.5.11.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.10...8.5.11)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/postcss-8.5.10 branch from e8ac5b0 to c265ebd Compare June 2, 2026 10:33
@changeset-bot

changeset-bot Bot commented Jun 2, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: c265ebd

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@kilo-code-bot

kilo-code-bot Bot commented Jun 2, 2026

Copy link
Copy Markdown

Code Review Summary

Status: 4 Issues Found | Recommendation: Address before merge

Overview

Severity Count
CRITICAL 1
WARNING 3
Issue Details (click to expand)

CRITICAL

File Line Issue
pnpm-lock.yaml N/A React 18 → 19 transitive version bump — react was bumped from 18.3.1 to 19.1.0 as a transitive dependency (via react-emailsocket.io chain) even though package.json was not modified. React 19 contains breaking API changes that will likely cause runtime failures in the application.

WARNING

File Line Issue
pnpm-lock.yaml N/A Lockfile changes far exceed PR scope — This PR is titled as a postcss bump (8.5.10 → 8.5.11), but the lockfile shows extensive unrelated transitive dependency updates including terser (5.44.1 → 5.48.0), terser-webpack-plugin (5.3.14 → 5.6.1), webpack optional dependencies expansion, nanoid updates, react bump, and many others. This suggests the lockfile was regenerated from a different resolution state than intended.
pnpm-lock.yaml N/A postcss version inconsistency — Some lockfile entries resolve to postcss@8.5.11 while others resolve to postcss@8.5.15. The PR explicitly targets 8.5.11, so the 8.5.15 resolutions (e.g., in next, @remix-run/dev, tsup, postcss-loader, autoprefixer) are out of scope for this PR.
pnpm-lock.yaml N/A terser-webpack-plugin major version change — Jump from 5.3.14 to 5.6.1 introduces new optional peer dependencies (lightningcss, postcss, html-minifier-terser, clean-css, csso, @swc/css, @swc/html, @minify-html/node) that could silently alter webpack build output or introduce unexpected optional installs.
Other Observations (not in diff)
File Line Issue
package.json N/A package.json was not updated despite massive lockfile changes — This is suspicious and suggests the lockfile may have been generated from a dirty or different package.json state. Verify this was intentional.
package.json N/A Missing changeset — The changeset-bot already flagged this. Given the scope of transitive dependency changes, this PR absolutely requires a changeset to document the version bumps.
Files Reviewed (1 file)
  • pnpm-lock.yaml — 4 issues (major lockfile scope and dependency resolution problems)

Fix these issues in Kilo Cloud


Reviewed by step-3.7-flash-20260528 · 958,505 tokens

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants