Skip to content

⬆️ Update dependency postcss to v8.5.19#214

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/postcss-8.x-lockfile
Open

⬆️ Update dependency postcss to v8.5.19#214
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/postcss-8.x-lockfile

Conversation

@renovate

@renovate renovate Bot commented Mar 2, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
postcss (source) 8.5.68.5.19 age confidence

Release Notes

postcss/postcss (postcss)

v8.5.19

Compare Source

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).

v8.5.18

Compare Source

  • Restricted loading previous source maps file to the opts.from folder for security reasons (use unsafeMap: true to disable the check).

v8.5.17

Compare Source

  • Fixed Maximum call stack size exceeded error.
  • Fixed Prototype hijacking for postcss.fromJSON().
  • Fixed Input#origin() for unmapped end position (by @​chatman-media).

v8.5.16

Compare Source

v8.5.15

Compare Source

  • Fixed declaration parsing performance (by @​homanp).

v8.5.14

Compare Source

v8.5.13

Compare Source

  • Fixed postcss-scss commend regression.

v8.5.12

Compare Source

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

v8.5.11

Compare Source

  • Fixed nested brackets parsing performance (by @​offset).

v8.5.10

Compare Source

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

v8.5.9

Compare Source

  • Speed up source map encoding paring in case of the error.

v8.5.8

Compare Source

  • Fixed Processor#version.

v8.5.7

Compare Source

  • Improved source map annotation cleaning performance (by CodeAnt AI).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@vercel

vercel Bot commented Mar 2, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
base Error Error Jul 13, 2026 5:38pm

@bolt-new-by-stackblitz

Copy link
Copy Markdown

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 5140bea to df46f53 Compare April 7, 2026 22:43
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.8 ⬆️ Update dependency postcss to v8.5.9 Apr 7, 2026
@socket-security

socket-security Bot commented Apr 7, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedpostcss@​8.5.6 ⏵ 8.5.1999100 +281 -193100

View full report

@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from df46f53 to 01396b9 Compare April 16, 2026 13:53
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.9 ⬆️ Update dependency postcss to v8.5.10 Apr 16, 2026
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.10 ⬆️ Update dependency postcss to v8.5.12 Apr 26, 2026
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 01396b9 to a1eb3ff Compare April 26, 2026 15:28
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from a1eb3ff to 05e52fb Compare April 30, 2026 20:39
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.12 ⬆️ Update dependency postcss to v8.5.13 Apr 30, 2026
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 05e52fb to 2695bb7 Compare May 4, 2026 23:27
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.13 ⬆️ Update dependency postcss to v8.5.14 May 4, 2026
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 2695bb7 to a787f29 Compare May 12, 2026 14:11
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from a787f29 to 7d3be31 Compare May 19, 2026 12:42
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.14 ⬆️ Update dependency postcss to v8.5.15 May 19, 2026
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 7d3be31 to 4604ef5 Compare May 30, 2026 23:44
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 4604ef5 to c5496e5 Compare June 28, 2026 15:55
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.15 ⬆️ Update dependency postcss to v8.5.16 Jun 28, 2026
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from c5496e5 to 63ad2fe Compare July 11, 2026 19:42
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.16 ⬆️ Update dependency postcss to v8.5.17 Jul 11, 2026
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.17 ⬆️ Update dependency postcss to v8.5.18 Jul 12, 2026
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 63ad2fe to 432ea9e Compare July 12, 2026 21:48
@renovate renovate Bot force-pushed the renovate/postcss-8.x-lockfile branch from 432ea9e to 819f5e2 Compare July 13, 2026 17:38
@renovate renovate Bot changed the title ⬆️ Update dependency postcss to v8.5.18 ⬆️ Update dependency postcss to v8.5.19 Jul 13, 2026
@renovate

renovate Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor Author

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pnpm-lock.yaml
? Verifying lockfile against supply-chain policies (479 entries)...
Progress: resolved 1, reused 0, downloaded 0, added 0
Progress: resolved 62, reused 0, downloaded 1, added 0
Progress: resolved 279, reused 0, downloaded 1, added 0
Progress: resolved 478, reused 0, downloaded 1, added 0
✗ Lockfile failed supply-chain policy check (479 entries in 3.7s)
[ERR_PNPM_MINIMUM_RELEASE_AGE_VIOLATION] 1 lockfile entries failed verification:
  autoprefixer@10.5.3 was published at 2026-07-14T16:41:20.000Z, within the minimumReleaseAge cutoff (2026-07-14T08:43:47.639Z)

The lockfile contains entries that the active policies reject. This can mean the lockfile is stale, or that someone committed a lockfile that bypassed the policy locally — inspect recent changes to pnpm-lock.yaml before trusting it. If the changes look expected, run "pnpm clean --lockfile" and then "pnpm install" to rebuild from a fresh resolution. Alternatively, relax the policy that flagged them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants