Skip to content

build(deps): Bump postcss from 8.5.6 to 8.5.10#1043

Merged
flex-development[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.10
Apr 24, 2026
Merged

build(deps): Bump postcss from 8.5.6 to 8.5.10#1043
flex-development[bot] merged 1 commit into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 24, 2026

Copy link
Copy Markdown
Contributor

Bumps postcss from 8.5.6 to 8.5.10.

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): Bump postcss from 8.5.6 to 8.5.10
7b43db3 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.10.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.10)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added scope:dependencies dependency updates type:build changes to the build system or external dependencies labels Apr 24, 2026
@flex-development flex-development Bot enabled auto-merge (squash) April 24, 2026 22:18
@codecov

codecov Bot commented Apr 24, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (b100c80) to head (7b43db3).
⚠️ Report is 57 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main     #1043   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           33        33           
  Lines          453       453           
  Branches       175       175           
=========================================
  Hits           453       453
Flag Coverage Δ
bun-canary 100.00% <ø> (ø)
bun-latest 100.00% <ø> (ø)
node20 100.00% <ø> (ø)
node21 100.00% <ø> (ø)
node22 100.00% <ø> (ø)
node23 100.00% <ø> (ø)
node24 100.00% <ø> (ø)
Components Coverage Δ
internal 100.00% <ø> (ø)
lib 100.00% <ø> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1fbe743...7b43db3. Read the comment docs.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

flex-development[bot]
flex-development Bot approved these changes Apr 24, 2026
View reviewed changes

@flex-development flex-development Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm 👍🏾

@github-project-automation github-project-automation Bot moved this from 🆕 New to 🤩 Approved in @flex-development/mlly Apr 24, 2026
@flex-development flex-development Bot merged commit fd7f5af into main Apr 24, 2026
24 checks passed
@flex-development flex-development Bot deleted the dependabot/npm_and_yarn/postcss-8.5.10 branch April 24, 2026 22:21
@github-project-automation github-project-automation Bot moved this from 🤩 Approved to ✅ Done in @flex-development/mlly Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@flex-development flex-development[bot] flex-development[bot] approved these changes

Assignees

No one assigned

Labels

scope:dependencies dependency updates type:build changes to the build system or external dependencies

Projects

@flex-development/mlly
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants