Skip to content

chore(deps-dev): bump postcss from 8.5.8 to 8.5.10 in /website#199

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/website/postcss-8.5.10
Closed

chore(deps-dev): bump postcss from 8.5.8 to 8.5.10 in /website#199
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/website/postcss-8.5.10

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 13, 2026
edited
Loading

Bumps postcss from 8.5.8 to 8.5.10.

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 13, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026

🤖 Dependabot Auto-Merge detected this PR. Requesting a Copilot review and waiting for CI checks before merging.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026

@copilot please review this dependency update

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026

Auto-merge failed. Check the workflow run for details. Manual intervention may be required.

@siracusa5
Copy link
Copy Markdown
Collaborator

siracusa5 commented May 13, 2026

@dependabot rebase

@dependabot
chore(deps-dev): bump postcss from 8.5.8 to 8.5.10 in /website
349104a 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.10.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.10)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/website/postcss-8.5.10 branch from db983fd to 349104a Compare May 13, 2026 03:32
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026

Auto-merge failed. Check the workflow run for details. Manual intervention may be required.

@siracusa5
Copy link
Copy Markdown
Collaborator

siracusa5 commented May 13, 2026

Superseded — website postcss is already at ^8.5.12 on main (pnpm-lock.yaml resolves to 8.5.14 via #200). The 8.5.10 XSS fix is covered.

@siracusa5 siracusa5 closed this May 13, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 13, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/website/postcss-8.5.10 branch May 13, 2026 03:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@siracusa5