Skip to content

chore(deps): bump postcss from 8.5.6 to 8.5.15 in /packages/core#839

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/packages/core/postcss-8.5.15
Open

chore(deps): bump postcss from 8.5.6 to 8.5.15 in /packages/core#839
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/packages/core/postcss-8.5.15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Copy link
Copy Markdown
Contributor

Bumps postcss from 8.5.6 to 8.5.15.

Release notes

Sourced from postcss's releases.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Commits
  • eae46db Release 8.5.15 version
  • 79508ff Update CI actions
  • b128e21 Speed up declaration parsing by avoiding creating new array on each token
  • 9825dca Fix code format
  • 55789c8 Update dependencies
  • 84fbbe9 Install older pnpm action for old Node.js
  • 9f860bd Revert pnpm action for old Node.js
  • 0877198 Update CI actions
  • b2d1a33 Fix linter warnings
  • 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 29, 2026
@dependabot dependabot Bot requested a review from lane711 as a code owner May 29, 2026 21:31
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/packages/core/postcss-8.5.15 branch from a4adfbd to 8ea352f Compare June 18, 2026 04:45
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/packages/core/postcss-8.5.15 branch from 8ea352f to 1c6c0c1 Compare June 18, 2026 19:30
pull Bot pushed a commit to sternelee/sonicjs that referenced this pull request Jun 18, 2026
- hono: ^4.12.18 → ^4.12.26 (security fixes in 4.12.25: CORS, body-limit,
  serve-static path traversal, AWS Lambda Set-Cookie, Lambda@Edge header)
- vitest: ^4.0.5 → ^4.1.9 (root, packages/core)
- @vitest/coverage-v8: ^4.0.5 → ^4.1.9 (root, packages/core)
- my-sonicjs-app vitest: ^2.1.8 → ^4.1.9 (align with root)
- postcss: 8.5.6 → 8.5.15 (transitive, lockfile)
- qs: 6.15.0 → 6.15.2 (transitive, lockfile)
- shell-quote: 1.8.3 → 1.8.4 (transitive, lockfile)

Closes PRs: SonicJs-Org#918, SonicJs-Org#862, SonicJs-Org#851, SonicJs-Org#849, SonicJs-Org#843, SonicJs-Org#840, SonicJs-Org#839, SonicJs-Org#837

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/packages/core/postcss-8.5.15 branch 3 times, most recently from add8589 to ffd74d1 Compare June 22, 2026 16:11
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.15.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.15)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/packages/core/postcss-8.5.15 branch from ffd74d1 to 8041fa9 Compare June 23, 2026 17:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants