Skip to content

Bump postcss, cssnano, postcss-modules, postcss-nested, postcss-simple-vars and postcss-url#1476

Open
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/multi-772367cc60
Open

Bump postcss, cssnano, postcss-modules, postcss-nested, postcss-simple-vars and postcss-url#1476
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/npm_and_yarn/multi-772367cc60

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown

Bumps postcss, cssnano, postcss-modules, postcss-nested, postcss-simple-vars and postcss-url. These dependencies needed to be updated together.
Updates postcss from 7.0.35 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

8.5.2

8.5.1

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

... (truncated)

Commits
  • eae46db Release 8.5.15 version
  • 79508ff Update CI actions
  • b128e21 Speed up declaration parsing by avoiding creating new array on each token
  • 9825dca Fix code format
  • 55789c8 Update dependencies
  • 84fbbe9 Install older pnpm action for old Node.js
  • 9f860bd Revert pnpm action for old Node.js
  • 0877198 Update CI actions
  • b2d1a33 Fix linter warnings
  • 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
  • Additional commits viewable in compare view

Updates cssnano from 4.1.10 to 8.0.1

Release notes

Sourced from cssnano's releases.

v8.0.1

What's Changed

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@8.0.0...cssnano@8.0.1

v8.0.0

What's Changed

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.9...cssnano@8.0.0

v7.1.9

Bug Fixes

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.8...cssnano@7.1.9

v7.1.8

What's Changed

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.7...cssnano@7.1.8

v.7.1.7

This release is idnetical to the previous one, but is being published to ensure that the latest versions of postcss-normalize-repeat-style and postcss-normalize-positions are uploaded to the npm registry.

v7.1.6

New feature

Bug fixes

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.5...cssnano@7.1.6

... (truncated)

Commits
  • 6679a29 Publish cssnano 8.0.1 (#1800)
  • 9a68323 fix(postcss-minify-selectors): tighten :is() fold acceptance to a strict allo...
  • 39a540e fix(postcss-minify-selectors): reject :is() fold when divergent middle contai...
  • 10d54a1 docs: update website for release
  • 1e058fc Publish cssnano 8.0
  • aa11a12 chore: update PostCSS
  • ea8e33a chore!: drop Node.js 20 support
  • c7e9b2f chore: update pnpm to 10.33.3
  • d7c57da Move declaration sorter to advanced preset (#1793)
  • 2069407 Publish cssnano 7.1.9
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for cssnano since your current version.


Updates postcss-modules from 3.2.2 to 6.0.1

Changelog

Sourced from postcss-modules's changelog.

6.0.1

6.0.0

Breaking

The resolve option has two parameters now and can return null. Thanks to Rene Haas (@​KingSora) madyankin/postcss-modules@86d8135

Parameters:

  • file — a module we want to resolve
  • importer — the file that imports the module we want to resolve

Return value: string | null | Promise<string | null>

postcss([
	require("postcss-modules")({
    	resolve: function (file, importer) {
			return path.resolve(
				path.dirname(importer),
				file.replace(/^@/, process.cwd()
			);
    	},
  	}),
]);

Fixed

Improved

  • icss-replace-symbols replaced with with icss-utils by Jason Quense (@​jquense). The updated replacer works better and will replace values in selectors, which didn't work until now. madyankin/postcss-modules#145

5.0.0

4.3.1

4.3.0

... (truncated)

Commits

Updates postcss-nested from 4.2.3 to 7.0.2

Release notes

Sourced from postcss-nested's releases.

7.0.2

7.0.1

7.0.0

  • More complex logic of when to move comments (by @​Ulyanov-programmer).
  • Removed Node.js 16, 14, and 12 support.

6.2.0

  • Added @starting-style to bubbling at-rules.
Changelog

Sourced from postcss-nested's changelog.

7.0.2

7.0.1

7.0.0

  • More complex logic of when to move comments (by @​Ulyanov-programmer).
  • Removed Node.js 16, 14, and 12 support.

6.2.0

  • Added @starting-style to bubbling at-rules.

6.1.0

  • Added @container to bubbling at-rules.

6.0

  • Added @layer to bubbling at-rules (by Már Örlygsson).
  • Added moving all preceding comments with rule (by Már Örlygsson).
  • Added with & without parameters on @at-root (by Már Örlygsson).
  • Added rootRuleName option (by Már Örlygsson).
  • Fixed handling sibling @at-root rule blocks (by Már Örlygsson).

5.0.6

5.0.5

  • Fixed , at the tail (by Jesse de Boer).

5.0.4

  • Fixed nested & at the tail (by Raphael Luba).
  • Fixed docs (by Samuel Charpentier).

5.0.3

  • Fixed compatibility with Autoprefixer by adding @-webkit-keyframes support.

5.0.2

  • Fixed compatibility with postcss-mixins by moving to visitor API.

5.0.1

  • Fixed PostCSS 8.1 compatibility.
  • Added funding links.

5.0

  • Moved to PostCSS 8.
  • Moved postcss to peerDependencies.
Commits

Updates postcss-simple-vars from 5.0.2 to 7.0.1

Changelog

Sourced from postcss-simple-vars's changelog.

7.0.1

7.0

  • Added escape sequences support (by @​FelixZY).
  • Removed Node.js 12 support.
  • Removed Node.js 10 support.

6.0.3

  • Fixed compatibility with @define-mixin (by Sam Pullman).

6.0.2

  • Fixed compatibility with postcss-mixins.

6.0.1

  • Fixed PostCSS 8.1 compatability.
  • Added funding links.

6.0

  • Moved to PostCSS 8.
  • Moved postcss to peerDependencies.
Commits

Updates postcss-url from 8.0.0 to 10.1.4

Release notes

Sourced from postcss-url's releases.

10.1.4

Fixed: update minimatch dependency to address CVEs https://nvd.nist.gov/vuln/detail/CVE-2026-27903 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 by @​diegocr

10.1.3

Fixed: update mime version

10.1.2

Fixed: tilde operator for dependencies to allow for newer patch version

10.1.1

Fixed: updated mime and xxhashjs versions Fixed: postcss peerDependency version 8.1.2 -> 8.0.0

10.1.0

Fixed: Replaced mkdirp with make-dir (PR#152) Fixed: updated dev dependencies, resolved npm audit issues Fixed: unlock postcss in peerDependecies

10.0.0

Added: support for PostCSS 8 (PR#148) Fixed: path resolution when to/from paths match (PR#136)

9.0.0 - beta - 2019-04-17

Added: async api (PR#134)

Changelog

Sourced from postcss-url's changelog.

10.1.4 - 2026-05-21

Fixed: update minimatch dependency to address CVEs https://nvd.nist.gov/vuln/detail/CVE-2026-27903 https://nvd.nist.gov/vuln/detail/CVE-2026-27904 https://nvd.nist.gov/vuln/detail/CVE-2026-26996 by @​diegocr

10.1.3 - 2021-03-19

Fixed: update mime version

10.1.2 - 2021-03-19

Fixed: tilde operator for dependencies to allow for newer patch version

10.1.1 - 2020-11-26

Fixed: updated mime and xxhashjs versions Fixed: postcss peerDependency version 8.1.2 -> 8.0.0

10.1.0 - 2020-11-04

Fixed: Replaced mkdirp with make-dir (PR#152) Fixed: updated dev dependencies, resolved npm audit issues

10.0.0 - 2020-10-23

Added: support for PostCSS 8 (PR#148) Fixed: path resolution when to/from paths match (PR#136)

9.0.0 - 2019-04-17

Fixed: Async API Added: support for PostCSS 8

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…e-vars and postcss-url

Bumps [postcss](https://github.com/postcss/postcss), [cssnano](https://github.com/cssnano/cssnano), [postcss-modules](https://github.com/css-modules/postcss-modules), [postcss-nested](https://github.com/postcss/postcss-nested), [postcss-simple-vars](https://github.com/postcss/postcss-simple-vars) and [postcss-url](https://github.com/postcss/postcss-url). These dependencies needed to be updated together.

Updates `postcss` from 7.0.35 to 8.5.15
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@7.0.35...8.5.15)

Updates `cssnano` from 4.1.10 to 8.0.1
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/v4.1.10...cssnano@8.0.1)

Updates `postcss-modules` from 3.2.2 to 6.0.1
- [Changelog](https://github.com/madyankin/postcss-modules/blob/master/CHANGELOG.md)
- [Commits](madyankin/postcss-modules@v3.2.2...v6.0.1)

Updates `postcss-nested` from 4.2.3 to 7.0.2
- [Release notes](https://github.com/postcss/postcss-nested/releases)
- [Changelog](https://github.com/postcss/postcss-nested/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss-nested@4.2.3...7.0.2)

Updates `postcss-simple-vars` from 5.0.2 to 7.0.1
- [Changelog](https://github.com/postcss/postcss-simple-vars/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss-simple-vars@5.0.2...7.0.1)

Updates `postcss-url` from 8.0.0 to 10.1.4
- [Release notes](https://github.com/postcss/postcss-url/releases)
- [Changelog](https://github.com/postcss/postcss-url/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss-url@8.0.0...10.1.4)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: direct:development
- dependency-name: cssnano
  dependency-version: 8.0.1
  dependency-type: direct:development
- dependency-name: postcss-modules
  dependency-version: 6.0.1
  dependency-type: direct:development
- dependency-name: postcss-nested
  dependency-version: 7.0.2
  dependency-type: direct:development
- dependency-name: postcss-simple-vars
  dependency-version: 7.0.1
  dependency-type: direct:development
- dependency-name: postcss-url
  dependency-version: 10.1.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants