Skip to content

chore(deps-dev): bump postcss from 8.5.8 to 8.5.16 in /apps/web#54

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/web/postcss-8.5.9
Closed

chore(deps-dev): bump postcss from 8.5.8 to 8.5.16 in /apps/web#54
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/web/postcss-8.5.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026

Copy link
Copy Markdown
Contributor

Bumps postcss from 8.5.8 to 8.5.16.

Release notes

Sourced from postcss's releases.

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.16

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for postcss since your current version.


Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot @github

dependabot Bot commented on behalf of github Apr 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, frontend. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@ravirajsinh45 ravirajsinh45 left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency triage: postcss 8.5.8→8.5.9, dev/build-only tooling; single-commit source-map bugfix, no API change. Approving; CI re-runs on rebase.

@ravirajsinh45

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.16.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.16)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.9
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps-dev): bump postcss from 8.5.8 to 8.5.9 in /apps/web chore(deps-dev): bump postcss from 8.5.8 to 8.5.16 in /apps/web Jul 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/apps/web/postcss-8.5.9 branch from 6ef7c04 to f94d9bd Compare July 9, 2026 08:08
@ravirajsinh45

Copy link
Copy Markdown
Contributor

Closing as part of the dependabot cleanup. dependabot can't rebase this against current main — its parser can't read the repo's pnpm lockfileVersion: '9.0' (it commented "Dependabot can't parse your pnpm-lock.yaml"), and the branch now conflicts with the sibling npm bumps already merged (#52/#55/#56). postcss 8.5.8→8.5.9 is within the existing range ("postcss": "^8.5.4"), so nothing is blocked and it'll be picked up on the next lockfile regeneration. Can be re-raised once the pnpm-v9 tooling issue is sorted.

@dependabot @github

dependabot Bot commented on behalf of github Jul 9, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/apps/web/postcss-8.5.9 branch July 9, 2026 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant