From 861b2be3149702858ce584d5ce8369392aa5cc32 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 27 Apr 2021 00:26:02 +0000 Subject: [PATCH] fix: package.json & yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 --- package.json | 2 +- yarn.lock | 27 ++++++++++++++++++++------- 2 files changed, 21 insertions(+), 8 deletions(-) diff --git a/package.json b/package.json index 7a6eaa4..30856cf 100644 --- a/package.json +++ b/package.json @@ -39,7 +39,7 @@ "browserslist": ["> 1%", "last 2 versions", "not ie <= 10"], "dependencies": { "postcss-css-variables": "^0.8.1", - "postcss-nested": "^3.0.0", + "postcss-nested": "^5.0.0", "promis": "^1.1.4" }, "lint-staged": { diff --git a/yarn.lock b/yarn.lock index 406973c..fcd922a 100644 --- a/yarn.lock +++ b/yarn.lock @@ -2179,6 +2179,11 @@ cssesc@^0.1.0: version "0.1.0" resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-0.1.0.tgz#c814903e45623371a0477b40109aaafbeeaddbb4" +cssesc@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/cssesc/-/cssesc-3.0.0.tgz#37741919903b868565e1c09ea747445cd18983ee" + integrity sha512-/Tb/JcjK111nNScGob5MNtsntNM1aCNUDipB/TkwZFhyDrrE47SOx/18wF2bbjgc3ZzCSKW1T5nt5EbFoAz/Vg== + cssnano@^3.10.0, cssnano@^3.4.0: version "3.10.0" resolved "https://registry.yarnpkg.com/cssnano/-/cssnano-3.10.0.tgz#4f38f6cea2b9b17fa01490f23f1dc68ea65c1c38" @@ -5773,12 +5778,12 @@ postcss-modules@^1.1.0: postcss "^6.0.1" string-hash "^1.1.1" -postcss-nested@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/postcss-nested/-/postcss-nested-3.0.0.tgz#cde40bd07a078565f3df72e2dc2665871c724852" +postcss-nested@^5.0.0: + version "5.0.5" + resolved "https://registry.yarnpkg.com/postcss-nested/-/postcss-nested-5.0.5.tgz#f0a107d33a9fab11d7637205f5321e27223e3603" + integrity sha512-GSRXYz5bccobpTzLQZXOnSOfKl6TwVr5CyAQJUPub4nuRJSOECK5AqurxVgmtxP48p0Kc/ndY/YyS1yqldX0Ew== dependencies: - postcss "^6.0.14" - postcss-selector-parser "^3.1.1" + postcss-selector-parser "^6.0.4" postcss-normalize-charset@^1.1.0: version "1.1.1" @@ -5839,6 +5844,14 @@ postcss-selector-parser@^3.1.1: indexes-of "^1.0.1" uniq "^1.0.1" +postcss-selector-parser@^6.0.4: + version "6.0.5" + resolved "https://registry.yarnpkg.com/postcss-selector-parser/-/postcss-selector-parser-6.0.5.tgz#042d74e137db83e6f294712096cb413f5aa612c4" + integrity sha512-aFYPoYmXbZ1V6HZaSvat08M97A8HqO6Pjz+PiNpw/DhuRrC72XWAdp3hL6wusDCN31sSmcZyMGa2hZEuX+Xfhg== + dependencies: + cssesc "^3.0.0" + util-deprecate "^1.0.2" + postcss-svgo@^2.1.1: version "2.1.6" resolved "https://registry.yarnpkg.com/postcss-svgo/-/postcss-svgo-2.1.6.tgz#b6df18aa613b666e133f08adb5219c2684ac108d" @@ -5885,7 +5898,7 @@ postcss@^5.0.10, postcss@^5.0.11, postcss@^5.0.12, postcss@^5.0.13, postcss@^5.0 source-map "^0.5.6" supports-color "^3.2.3" -postcss@^6.0.0, postcss@^6.0.1, postcss@^6.0.14, postcss@^6.0.20, postcss@^6.0.21, postcss@^6.0.22, postcss@^6.0.8: +postcss@^6.0.0, postcss@^6.0.1, postcss@^6.0.20, postcss@^6.0.21, postcss@^6.0.22, postcss@^6.0.8: version "6.0.22" resolved "https://registry.yarnpkg.com/postcss/-/postcss-6.0.22.tgz#e23b78314905c3b90cbd61702121e7a78848f2a3" dependencies: @@ -7666,7 +7679,7 @@ use@^3.1.0: dependencies: kind-of "^6.0.2" -util-deprecate@~1.0.1: +util-deprecate@^1.0.2, util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf"