Bump postcss and postcss-import

[dependabot]

Bumps postcss to 8.5.15 and updates ancestor dependency postcss-import. These dependencies need to be updated together.

Updates postcss from 7.0.39 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

... (truncated)

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates postcss-import from 12.0.0 to 16.1.1

Release notes

Sourced from postcss-import's releases.

14.0.0 / 2020-12-14

This release should not have breaking changes for the vast majority of users; only those with @charset statements in their CSS may be affected.

• BREAKING: Error if multiple incompatible @charset statements (#447)
• BREAKING: Warn if @charset statements are not at the top of files (#447)
• Fix handing of @charset (#436, #447)

13.0.0 / 2020-10-20

• BREAKING: Require Node 10+ (#429)
• BREAKING: Upgrade to postcss v8 and require it as a peerDependency (#427, #432)
• Update dependencies

Changelog

Sourced from postcss-import's changelog.

16.1.1 / 2025-06-17

• Fix incorrect cascade layer order when some resources can not be inlined (#567, #574)

16.1.0 / 2024-03-20

• Allow bundling URLs with fragments (useful for Vite users) (#560, #561)

16.0.1 / 2024-02-14

• Fix crash when handling some @imports with media conditions (#557, #558)

16.0.0 / 2024-01-02

• BREAKING: Require Node.js v18+ (#550, #551)
• BREAKING: Signifigant rewrite, with small behavioral tweaks in a number of edge cases
• Support for @supports conditional imports added (#532, #548)
• When skipDuplicates is false, handles import cycles correctly (#462, #535)
• Add warnOnEmpty option to allow disabling warnings for empty files (#84, #541)
• Use proper node.errors (#518, #540)

Huge thanks to @romainmenke for all the hard work he put into this release.

15.1.0 / 2022-12-07

• Add data: URL support (this is not useful for most consumers) (#515)

15.0.1 / 2022-12-01

• Preserve layer in ignored @imports (#510, #511)
• Join media queries in the correct order (#512, #513)

15.0.0 / 2022-08-30

• BREAKING: Require Node.js v14+ (#497)
• BREAKING: Require nameLayer option for handling anonymous layers (#496)
• Fix handling of @media queries inside layered imports (#495, #496)

14.1.0 / 2022-03-22

• Add @layer support (#483)

14.0.2 / 2021-05-10

• Remove remaining direct import of postcss package (#455, #456)

14.0.1 / 2021-03-31

• Fix bug with @charset statements in media imports (#448, #453)

... (truncated)

Commits

• 4ae9894 16.1.1
• a3f3889 Test on modern Node versions (#577)
• 10325fc Upgrade eslint & config; use flat config (#576)
• 9227642 Migrate config renovate.json (#575)
• 2544155 Update dependency prettier to ~3.5.0 (#572)
• 83108aa Fix incorrect cascade layer order when some resources can not be inlined (#574)
• cad0022 Update dependency sugarss to v5 (#568)
• 32deb08 Update dependency c8 to v10 (#565)
• d43ca15 Update dependency prettier to ~3.4.0 (#569)
• 9af465e Update dependency prettier to ~3.3.0 (#564)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by romainmenke, a new releaser for postcss-import since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[MoOx]

@dependabot rebase

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.