Bump postcss, autoprefixer, css-loader, cssnano, optimize-css-assets-webpack-plugin, postcss-loader, sanitize-html and vue-loader

[dependabot]

Bumps postcss to 8.4.31 and updates ancestor dependencies postcss, autoprefixer, css-loader, cssnano, optimize-css-assets-webpack-plugin, postcss-loader, sanitize-html and vue-loader. These dependencies need to be updated together.

Updates postcss from 5.2.18 to 8.4.31

Release notes

Sourced from postcss's releases.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by @​romainmenke).

8.4.29

• Fixed Node#source.offset (by @​idoros).
• Fixed docs (by @​coliff).

8.4.28

• Fixed Root.source.end for better source map (by @​romainmenke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by @​romainmenke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by @​remcohaszing).

8.4.21

• Fixed Input#error types (by @​hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by @​romainmenke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by @​KingSora).

8.4.17

• Fixed Node.before() unexpected behavior (by @​romainmenke).
• Added TOC to docs (by @​muddv).

8.4.16

... (truncated)

Changelog

Sourced from postcss's changelog.

8.4.31

• Fixed \r parsing to fix CVE-2023-44270.

8.4.30

• Improved source map performance (by Romain Menke).

8.4.29

• Fixed Node#source.offset (by Ido Rosenthal).
• Fixed docs (by Christian Oliff).

8.4.28

• Fixed Root.source.end for better source map (by Romain Menke).
• Fixed Result.root types when process() has no parser.

8.4.27

• Fixed Container clone methods types.

8.4.26

• Fixed clone methods types.

8.4.25

• Improve stringify performance (by Romain Menke).
• Fixed docs (by @​vikaskaliramna07).

8.4.24

• Fixed Plugin types.

8.4.23

• Fixed warnings in TypeDoc.

8.4.22

• Fixed TypeScript support with node16 (by Remco Haszing).

8.4.21

• Fixed Input#error types (by Aleks Hudochenkov).

8.4.20

• Fixed source map generation for childless at-rules like @layer.

8.4.19

• Fixed whitespace preserving after AST transformations (by Romain Menke).

8.4.18

• Fixed an error on absolute: true with empty sourceContent (by Rene Haas).

8.4.17

• Fixed Node.before() unexpected behavior (by Romain Menke).
• Added TOC to docs (by Mikhail Dedov).

8.4.16

... (truncated)

Commits

• See full diff in compare view

Updates autoprefixer from 7.2.6 to 10.4.16

Release notes

Sourced from autoprefixer's releases.

10.4.16

• Improved performance (by @​romainmenke).
• Fixed docs (by @​coliff).

10.4.15

• Fixed ::backdrop prefixes (by @​yisibl).
• Fixed docs (by @​coliff).

10.4.14

• Improved startup time and reduced JS bundle size (by @​Knagis).

10.4.13

• Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

• Fixed support of unit-less zero angle in backgrounds (by @​yisibl).

10.4.11

• Fixed text-decoration prefixes by moving to MDN data (by @​romainmenke).

10.4.10

• Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

• Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

• Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

• Fixed print-color-adjust support in Firefox.

10.4.6

• Fixed print-color-adjust support.

10.4.5

• Fixed NaN in grid (by @​SukkaW).

10.4.4

• Fixed package.funding to have same value between all PostCSS packages.

10.4.3

• Fixed package.funding (by @​mondeja).

10.4.2

• Fixed missed -webkit- prefix for width: stretch.

10.4.1

• Fixed ::file-selector-button data (by @​lukewarlow).

... (truncated)

Changelog

Sourced from autoprefixer's changelog.

10.4.16

• Improved performance (by Romain Menke).
• Fixed docs (by Christian Oliff).

10.4.15

• Fixed ::backdrop prefixes (by 一丝).
• Fixed docs (by Christian Oliff).

10.4.14

• Improved startup time and reduced JS bundle size (by Kārlis Gaņģis).

10.4.13

• Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.

10.4.12

• Fixed support of unit-less zero angle in backgrounds (by 一丝).

10.4.11

• Fixed text-decoration prefixes by moving to MDN data (by Romain Menke).

10.4.10

• Fixed unicode-bidi prefixes by moving to MDN data.

10.4.9

• Fixed css-unicode-bidi issue from latest Can I Use.

10.4.8

• Do not print color-adjust warning if print-color-adjust also is in rule.

10.4.7

• Fixed print-color-adjust support in Firefox.

10.4.6

• Fixed print-color-adjust support.

10.4.5

• Fixed NaN in grid (by @​SukkaW).

10.4.4

• Fixed package.funding to have same value between all PostCSS packages.

10.4.3

• Fixed package.funding (by Álvaro Mondéjar).

10.4.2

• Fixed missed -webkit- prefix for width: stretch.

10.4.1

• Fixed ::file-selector-button data (by Luke Warlow).

... (truncated)

Commits

• 026083c Release 10.4.16 version
• 4cda7ae Update dependencies
• 7a49d6a Update CI
• a87f4cd improve performance (#1500)
• 0d6496e Update dependencies
• d9064cb Remove deprecated browsers from README (#1499)
• aa63324 Release 10.4.15 version
• e6f597d Run tests in parallel
• 8611ba6 Update dependencies
• f8d8dab feat: ::backdrop using @mdn/browser-compat-data (#1498)
• Additional commits viewable in compare view

Updates css-loader from 0.28.11 to 6.8.1

Release notes

Sourced from css-loader's releases.

v6.8.1

6.8.1 (2023-05-28)

Bug Fixes

• use cause for original errors and warnings (#1526) (ae3d8ae)

v6.8.0

6.8.0 (2023-05-27)

Features

• use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

• warning and error serialization (#1523) (3e52969)

v6.7.4

6.7.4 (2023-05-19)

Bug Fixes

• bugs in css modules (c3099fb)
• output warning when built-in CSS support enabled (#1520) (0700ce8)

v6.7.3

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

v6.7.2

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

v6.7.1

6.7.1 (2022-03-08)

... (truncated)

Changelog

Sourced from css-loader's changelog.

6.8.1 (2023-05-28)

Bug Fixes

• use cause for original errors and warnings (#1526) (ae3d8ae)

6.8.0 (2023-05-27)

Features

• use template literal when it possible to prevent Maximum call stack size exceeded (#1525) (6eb5661)

Bug Fixes

• warning and error serialization (#1523) (3e52969)

6.7.4 (2023-05-19)

Bug Fixes

• bugs in css modules (c3099fb)
• output warning when built-in CSS support enabled (#1520) (0700ce8)

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

6.7.0 (2022-03-04)

... (truncated)

Commits

• 4673caa chore(release): 6.8.1
• ae3d8ae fix: use cause for original errors and warnings (#1526)
• c0ce599 chore(release): 6.8.0
• 6eb5661 feat: use template literal when it possible to prevent `Maximum call stack si...
• 0a2a596 chore(deps): update (#1524)
• 3e52969 fix: warning and error serialization (#1523)
• ed77720 chore(release): 6.7.4
• c3099fb fix: bugs in css modules
• f1ba0db docs: fix (#1521)
• 0700ce8 fix: output warning when built-in CSS support enabled (#1520)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for css-loader since your current version.

Updates cssnano from 3.10.0 to 6.0.1

Release notes

Sourced from cssnano's releases.

v6.0.1

Bug Fixes

• fix(postcss-merge-rules): do not merge nested rules (cssnano/cssnano@eb9a9a1)
• fix(postcss-reduce-idents): minify grid line names correctly (cssnano/cssnano@2af6687)

v6.0.0

Major Changes

• 99d1e6ab: postcss-normalize-url: remove normalize-url configuration options
• 4e272f88: postcss-svgo: Upgrade dependency svgo to v3 and increase the minimum supported node version to v14
• ca9d3f55: Switch minimum supported Node version to 14 for all packages
• 39a20405: feat!(cssnano): remove undocumented YAML config support

Migration instructions

• If you're not happy with the defaults for the normalize-url transform, turn it off completely. Options were removed as most would change the meaning of the URL, which is unexpcted in the case of CSS minification.
• In the unlikely event you're using YAML to configure cssnano, move the cssnano configuration inside the PostCSS config or use a configuration file in CommonJS or JSON format.

v5.1.15

Bug Fixes

• fix(postcsss-reduce-initial): fix mask-repeat conversion
• fix(postcss-colormin): don't minify colors in src declarations
• fix(postcss-merge-rules): do not merge conflicting flex and border properties

v5.1.14

Bug Fixes

• fix: update autoprefixer and browserslist
• fix(postcss-reduce-initial): improve initial properties data

v5.1.13

Bug Fixes

• fix TypeScript type of cssnano() return value (cssnano/cssnano@b92dbe3)

v5.1.12

Bug Fixes

• fix: preserve hyphenated property case (cssnano/cssnano@120a888)
• fix: ensure sorting properties does not break the output (cssnano/cssnano@0a3a133)
• fix: recognize 'constant' as a function (cssnano/cssnano@858a8b7)

v5.1.11

Bug Fixes

• postcss-ordered-values: preserve constant values (32ab4d9b7d20d)

v5.1.10

Bug Fixes

• postcss-minify-selectors: preserve similar nested selectors (f6c29fb3e75ac26a2635d)

v5.1.9

Bug Fixes

• postcss-merge-longhand: preserve more color function fallbacks (712993cb4a4e0)

... (truncated)

Commits

• 690358c Publish cssnano 6.0.1
• 0cdcaf7 chore: update postcss-calc to 9.0
• 2af6687 fix(postcss-reduce-idents): fix line names grid templates
• eb9a9a1 fix(postcss-merge-rules): do not merge rules with nested rules
• a580534 test(postcss-merge-rules): test container queries
• fae4813 chore: update development dependencies
• 74bd8da chore: update pnpm-lock version
• 7b68ad7 docs: update website for release (#1486)
• 10dd3cf chore: update CLI example for 6.0 release (#1485)
• 8e89938 Publish cssnano 6.0 (#1484)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by ludovicofischer, a new releaser for cssnano since your current version.

Updates optimize-css-assets-webpack-plugin from 3.2.0 to 3.2.1

Commits

• 662dfb7 3.2.1
• 7ab5e15 Upgrade cssnano dependency
• See full diff in compare view

Updates postcss-loader from 2.1.4 to 7.3.3

Release notes

Sourced from postcss-loader's releases.

v7.3.3

7.3.3 (2023-06-10)

Bug Fixes

• perf: avoid using klona for postcss options (#658) (e754c3f)
• bug with loading configurations after updating cosmiconfig to version 8.2 (684d265)

v7.3.2

7.3.2 (2023-05-28)

Bug Fixes

• use cause to keep original errors and warnings (#655) (e8873f4)

v7.3.1

7.3.1 (2023-05-26)

Bug Fixes

• warning and error serialization (65748ec)

v7.3.0

7.3.0 (2023-04-28)

Features

• use jiti for typescript configurations (#649) (8b876fa)

v7.2.4

7.2.4 (2023-04-04)

Bug Fixes

• memory leak (#642) (7ab3b59)

v7.2.3

7.2.3 (2023-04-03)

Bug Fixes

• ts-node loading (#640) (38b1992)

v7.2.2

... (truncated)

Changelog

Sourced from postcss-loader's changelog.

7.3.3 (2023-06-10)

Bug Fixes

• perf: avoid using klona for postcss options (#658) (e754c3f)
• bug with loading configurations after updating cosmiconfig to version 8.2 (684d265)

7.3.2 (2023-05-28)

Bug Fixes

• use cause to keep original errors and warnings (#655) (e8873f4)

7.3.1 (2023-05-26)

Bug Fixes

• warning and error serialization (65748ec)

7.3.0 (2023-04-28)

Features

• use jiti for typescript configurations (#649) (8b876fa)

7.2.4 (2023-04-04)

Bug Fixes

• memory leak (#642) (7ab3b59)

7.2.3 (2023-04-03)

Bug Fixes

• ts-node loading (#640) (38b1992)

7.2.2 (2023-04-03)

Bug Fixes

• cannot find module 'ts-node' (#639) (ab4d16a)

... (truncated)

Commits

• 7a85867 chore(release): 7.3.3
• 684d265 fix: regression on cosmiconfig side
• e754c3f fix(perf): avoid using klona for postcss options (#658)
• 69446c3 docs: remove Gitter from issue templates (#657)
• c058a06 chore(release): 7.3.2
• e8873f4 fix: use cause to keep original errors and warnings (#655)
• 7e5eaeb chore(release): 7.3.1
• 65748ec fix: warning and error serialization
• a98d7d0 docs: add GitHub discussions badge (#652)
• 0a53820 chore: add scripts to fix lint (#651)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for postcss-loader since your current version.

Updates sanitize-html from 1.18.2 to 1.27.5

Changelog

Sourced from sanitize-html's changelog.

1.27.5 (2020-09-23):

• Updates README to include ES modules syntax.

1.27.4 (2020-08-26):

• Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.

1.27.3 (2020-08-12):

• Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.

1.27.2 (2020-07-29):

• Fixes CHANGELOG links. Thanks to Alex Mayer for the contribution.
• Replaces srcset with parse-srcset. Thanks to Massimiliano Mirra for the contribution.

1.27.1 (2020-07-15):

• Removes the unused chalk dependency.
• Adds configuration for a Github stale bot.
• Replace xtend package with native Object.assign.

1.27.0:

• Adds the allowedIframeDomains option. This works similar to allowedIframeHostnames, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframe src attributes. Thanks to Stanislav Kravchenko for the contribution.

1.26.0:

• Adds the option element to the default nonTextTagsArray of tags with contents that aren't meant to be displayed visually as text. This can be overridden with the nonTextTags option.

1.25.0:

• Adds enforceHtmlBoundary option to process code bounded by the html tag, discarding any code outside of those tags.
• Migrates to the main lodash package from the per method packages since they are deprecated and cause code duplication. Thanks to Merceyz for the contribution.
• Adds a warning when style and script tags are allowed, as they are inherently vulnerable to being used in XSS attacks. That warning can be disabled by including the option allowVulnerableTags: true so this choice is knowing and explicit.

1.24.0:

• Fixes a bug where self-closing tags resulted in deletion with disallowedTagsMode: 'escape' set. Thanks to Thiago Negri for the contribution.
• Adds abbr to the default allowedTags for better accessibility support. Thanks to Will Farrell for the contribution.
• Adds a mediaChildren property to the frame object in custom filters. This allows you to check for links or other parent tags that contain self-contained media to prevent collapse, regardless of whether there is also text inside. Thanks to axdg for the initial implementation and Marco Arduini for a failing test contribution.

1.23.0:

• Adds eslint configuration and adds eslint to test script.
• Sets sideEffects: false on package.json to allow module bundlers like webpack tree-shake this module and all the dependencies from client build. Thanks to Egor Voronov for the contribution.
• Adds the tagName (HTML element name) as a second parameter passed to textFilter. Thanks to Slava for the contribution.

1.22.1:

ncreases the patch version of lodash.mergewith to enforce an audit fix.

1.22.0:

bumped htmlparser2 dependency to the 4.x series. This fixes longstanding bugs and should cause no bc breaks for this module, since the only bc breaks upstream are in regard to features we don't expose in this module.

1.21.1:

fixed issue with bad main setting in package.json that broke 1.21.0.

1.21.0:

new disallowedTagsMode option can be set to escape to escape disallowed tags rather than discarding them. Any subtags are handled as usual. If you want to recursively escape them too, you can set disallowedTagsMode to recursiveEscape. Thanks to Yehonatan Zecharia for this contribution.

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by alexbea, a new releaser for sanitize-html since your current version.

Updates vue-loader from 13.7.1 to 17.2.2

Release notes

Sourced from vue-loader's releases.

v17.2.2

Bug Fixes

• fix: windows path for experiments.css by @​h-a-n-a in vuejs/vue-loader#2049

v17.2.1

Features

• A new experimentalInlineMatchResource option (webpack 5 only), which leverages webpack 5's inline matchResource feature in the underlying implementation, and works well with the experiments.css feature (#2046) (3149f6d)

Note: v17.2.0 was released by accident; it has the same content as v17.1.2, therefore not included in the Releases page.

v17.1.2

Bug Fixes

• keep build stable when run in a different path (#2040) (a81dc0f)
• properly close the watcher after webpack 4 tests (40b93b9)

v17.1.1

Bug Fixes

• support experimental propsDestructure and defineModel options (6269698)

v17.1.0

Bug Fixes

• fix: reference project compiler, fixes #2031 by @​heywhy in vuejs/vue-loader#2038
• fix: do not throw when Rule.layer is used by @​nolimitdev in vuejs/vue-loader#2000

Features

• support 3.3 imported types hmr (bbd98fc)

Full Changelog: vuejs/vue-loader@v17.0.1...v17.1.0

v17.0.1

Bug Fixes

• add vue and @vue/compiler-sfc to optional peerDependencies (df0ded5), closes #1944
• merge custom queries rather than appending (#1911) (9e4249a)

v17.0.0

Features

• support reactivityTransform option (e07490e)

BREAKING CHANGES

... (truncated)

Changelog

Sourced from vue-loader's changelog.

17.2.2 (2023-06-02)

Bug Fixes

• windows path for experiments.css (#2049) (f3f45df)

17.2.1 (2023-06-01)

Features

• A new experimentalInlineMatchResource option (webpack 5 only), which leverages webpack 5's inline match resource feature and works well with the experiments.css feature (#2046) (3149f6d)

Note: v17.2.0 was released by accident, it has the same content as v17.1.2, therefore not included in the changelog.

17.1.2 (2023-05-29)

Bug Fixes

• keep build stable when run in a different path (#2040) (a81dc0f)
• properly close the watcher after tests (40b93b9)

17.1.1 (2023-05-11)

Bug Fixes

• support propsDestructure and defineModel options (6269698)

17.1.0 (2023-04-26)

Bug Fixes

• do not throw when Rule.layer (#2000) (ef589df)

17.1.0-beta.0 (2023-04-19)

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by soda, a new releaser for vue-loader since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.