fix(deps): update dependency postcss to v8.2.10 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
postcss (source)	8.1.2 -> 8.2.10

GitHub Vulnerability Alerts

CVE-2021-23368

The npm package postcss from 7.0.0 and before versions 7.0.36 and 8.2.10 is vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.

---

Release Notes

postcss/postcss

v8.2.10

Compare Source

• Fixed ReDoS vulnerabilities in source map parsing.
• Fixed webpack 5 support (by Barak Igal).
• Fixed docs (by Roeland Moors).

v8.2.9

Compare Source

• Exported NodeErrorOptions type (by Rouven Weßling).

v8.2.8

Compare Source

• Fixed browser builds in webpack 4 (by Matt Jones).

v8.2.7

Compare Source

• Fixed browser builds in webpack 5 (by Matt Jones).

v8.2.6

Compare Source

• Fixed Maximum call stack size exceeded in Node#toJSON.
• Fixed docs (by inokawa).

v8.2.5

Compare Source

• Fixed escaped characters handling in list.split (by Natalie Weizenbaum).

v8.2.4

Compare Source

• Added plugin name to postcss.plugin() warning (by Tom Williams).
• Fixed docs (by Bill Columbia).

v8.2.3

Compare Source

• Fixed JSON.stringify(Node[]) support (by Niklas Mischkulnig).

v8.2.2

Compare Source

• Fixed CSS-in-JS support (by James Garbutt).
• Fixed plugin types (by Ludovico Fischer).
• Fixed Result#warn() types.

v8.2.1

Compare Source

• Fixed list type definitions (by @​n19htz).

v8.2.0

Compare Source

PostCSS 8.2 added a new API to serialize and deserialize CSS AST to JSON.

import { parse, fromJSON } from 'postcss'

let root = parse('a{}', { from: 'input.css' })
let json = root.toJSON()
// save to file, send by network, etc
let root2 = fromJSON(json)

Thanks to @​mischnic for his work.

v8.1.14

Compare Source

• Fixed parser performance regression.

v8.1.13

Compare Source

• Fixed broken AST after moving nodes in visitor API.

v8.1.12

Compare Source

• Fixed Autoprefixer regression.

v8.1.11

Compare Source

• Added PostCSS update suggestion on unknown event in plugin.

v8.1.10

Compare Source

• Fixed LazyResult type export (by Evan You).
• Fixed LazyResult type compatibility with Promise (by Anton Kastritskiy).

v8.1.9

Compare Source

• Reduced dependencies number (by Bogdan Chadkin).

v8.1.8

Compare Source

• Fixed LazyResult type compatibility with Promise (by Ludovico Fischer).
• Fixed HTTPS links in documentation.

v8.1.7

Compare Source

• Fixed import support in TypeScript (by Remco Haszing).

v8.1.6

Compare Source

• Reverted package.exports Node.js 15 fix.

v8.1.5

Compare Source

• Fixed Node.js 15 warning (by 沈鸿飞).

v8.1.4

Compare Source

• Fixed TypeScript definition (by Arthur Petrie).

v8.1.3

Compare Source

• Added package.types.

---

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[renovate]

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (8.2.10). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.