From 32d18a1455cc0f6533125c07a80518a2446ad848 Mon Sep 17 00:00:00 2001 From: Jonathan Norris Date: Wed, 29 Apr 2026 09:35:57 -0400 Subject: [PATCH 1/2] chore: resolve open dependabot security alerts - postcss ^8.5.3 -> ^8.5.10 (medium, alert #180) --- package.json | 2 +- yarn.lock | 15 +++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 1f3142a7..24bc7773 100644 --- a/package.json +++ b/package.json @@ -34,7 +34,7 @@ "fast-safe-stringify": "^2.1.1", "mobx": "^6.13.7", "path-browserify": "^1.0.1", - "postcss": "^8.5.3", + "postcss": "^8.5.10", "postcss-import": "^15.1.0", "postcss-preset-env": "^9.6.0", "prism-react-renderer": "^2.4.1", diff --git a/yarn.lock b/yarn.lock index d0e969e3..f8aa99f0 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6562,7 +6562,7 @@ __metadata: fast-safe-stringify: "npm:^2.1.1" mobx: "npm:^6.13.7" path-browserify: "npm:^1.0.1" - postcss: "npm:^8.5.3" + postcss: "npm:^8.5.10" postcss-import: "npm:^15.1.0" postcss-preset-env: "npm:^9.6.0" prism-react-renderer: "npm:^2.4.1" @@ -12197,7 +12197,7 @@ __metadata: languageName: node linkType: hard -"postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.33, postcss@npm:^8.4.45, postcss@npm:^8.4.47, postcss@npm:^8.5.3, postcss@npm:^8.5.4": +"postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.33, postcss@npm:^8.4.45, postcss@npm:^8.4.47, postcss@npm:^8.5.4": version: 8.5.6 resolution: "postcss@npm:8.5.6" dependencies: @@ -12208,6 +12208,17 @@ __metadata: languageName: node linkType: hard +"postcss@npm:^8.5.10": + version: 8.5.12 + resolution: "postcss@npm:8.5.12" + dependencies: + nanoid: "npm:^3.3.11" + picocolors: "npm:^1.1.1" + source-map-js: "npm:^1.2.1" + checksum: 10/ec6b79b68c363eca3c8ffceb134a4ab637274aee6ac0857614bf7c18d40ce4ce5f9036edec57b7e0be99895724d2599d0ec7328dbd7f407204e7548697b322f1 + languageName: node + linkType: hard + "pretty-error@npm:^4.0.0": version: 4.0.0 resolution: "pretty-error@npm:4.0.0" From 55033c1b0b3cf16ed0abfc02d19e36b378b30ba7 Mon Sep 17 00:00:00 2001 From: Jonathan Norris Date: Wed, 29 Apr 2026 10:20:13 -0400 Subject: [PATCH 2/2] chore: add postcss resolution to ensure all transitive instances are patched --- package.json | 3 ++- yarn.lock | 24 +----------------------- 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/package.json b/package.json index 24bc7773..2cde0678 100644 --- a/package.json +++ b/package.json @@ -93,6 +93,7 @@ "picomatch@^4.0.2": "^4.0.4", "dompurify": "^3.4.0", "follow-redirects": "^1.16.0", - "uuid": "^14.0.0" + "uuid": "^14.0.0", + "postcss": "^8.5.10" } } diff --git a/yarn.lock b/yarn.lock index f8aa99f0..13411422 100644 --- a/yarn.lock +++ b/yarn.lock @@ -10276,7 +10276,7 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:^3.3.11, nanoid@npm:^3.3.7": +"nanoid@npm:^3.3.11": version: 3.3.11 resolution: "nanoid@npm:3.3.11" bin: @@ -12186,28 +12186,6 @@ __metadata: languageName: node linkType: hard -"postcss@npm:8.4.49": - version: 8.4.49 - resolution: "postcss@npm:8.4.49" - dependencies: - nanoid: "npm:^3.3.7" - picocolors: "npm:^1.1.1" - source-map-js: "npm:^1.2.1" - checksum: 10/28fe1005b1339870e0a5006375ba5ac1213fd69800f79e7db09c398e074421ba6e162898e94f64942fed554037fd292db3811d87835d25ab5ef7f3c9daacb6ca - languageName: node - linkType: hard - -"postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.33, postcss@npm:^8.4.45, postcss@npm:^8.4.47, postcss@npm:^8.5.4": - version: 8.5.6 - resolution: "postcss@npm:8.5.6" - dependencies: - nanoid: "npm:^3.3.11" - picocolors: "npm:^1.1.1" - source-map-js: "npm:^1.2.1" - checksum: 10/9e4fbe97574091e9736d0e82a591e29aa100a0bf60276a926308f8c57249698935f35c5d2f4e80de778d0cbb8dcffab4f383d85fd50c5649aca421c3df729b86 - languageName: node - linkType: hard - "postcss@npm:^8.5.10": version: 8.5.12 resolution: "postcss@npm:8.5.12"