Skip to content

Bump postcss and resolve-url-loader in /packages/join-flow#94

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/packages/join-flow/multi-1f9929eeb2
Open

Bump postcss and resolve-url-loader in /packages/join-flow#94
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/packages/join-flow/multi-1f9929eeb2

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 7, 2026

Bumps postcss to 8.5.14 and updates ancestor dependency resolve-url-loader. These dependencies need to be updated together.

Updates postcss from 8.4.32 to 8.5.14

Release notes

Sourced from postcss's releases.

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

8.5.2

8.5.1

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

... (truncated)

Commits
  • 3ec1394 Release 8.5.14 version
  • f2bb827 Update dependencies
  • d75953d Merge pull request #2084 from 43081j/raw-raws-rawing
  • 68bd213 fix: always call raw to retrieve raw values
  • af58cf1 Release 8.5.13 version
  • f227dbd Temporary ignore pnpm 11 config
  • d3abd40 Update dependencies
  • dd06c3e Revert stringifier changes because of the conflict with postcss-scss
  • ae889c8 Try to fix CI
  • e0093e4 Move to pnpm 11
  • Additional commits viewable in compare view

Updates resolve-url-loader from 3.1.1 to 5.0.0

Release notes

Sourced from resolve-url-loader's releases.

5.0.0

Breaking changes

  • Require node>=12.
  • Support only webpack>=4.
  • Update to postcss@^8.
  • Remove rework engine (which was deprecated in V4).

Bugfixes

  • Fix log messages not correctly normalising absolute paths to posix style on Windows platform
  • Fixes to end-to-end tests and test framework.

5.0.0-beta.1

Breaking changes

  • Require node>=12.
  • Support only webpack>=4.
  • Update to postcss@^8.
  • Remove rework engine (which was deprecated in V4).

Bugfixes

  • Fix log messages not correctly normalising absolute paths to posix style on Windows platform
  • Fixes to end-to-end tests and test framework.

5.0.0-alpha.1

Breaking changes

  • Require node>=12.
  • Support only webpack>=4.
  • Update to postcss@^8.
  • Remove rework engine (which was deprecated in V4).

Bugfixes

  • Fix log messages not correctly normalising absolute paths to posix style on Windows platform

4.0.0

Features

  • Better resolution of the original source location - You can more successfully use url() in variables and mixins.
  • Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

  • The engine option is deprecated which means the old rework engine is deprecated.
  • The keepQuery behaviour is now the default, the keepQuery option has been removed.
  • The removeCR option defaults to true when executing on Windows OS.
  • The absolute option has been removed.
  • The join option has changed.

Migrating

See the changlog.

... (truncated)

Changelog

Sourced from resolve-url-loader's changelog.

resolve-url-loader

Version 5

Features

  • Update postcss and completely remove rework parser.

Breaking Changes

  • Require node@>=12.
  • Support webpack@>=4 (no longer tested for earlier versions).
  • The engine option has been removed.

Migrating

Remove the engine option if you are using it.

Version 4

Features

  • Better resolution of the original source location - You can more successfully use url() in variables and mixins.
  • Dependencies now accept a wider range and explicit dependency on rework and rework-visit has been removed.

Breaking Changes

  • The engine option is deprecated which means the old rework engine is deprecated.
  • The keepQuery behaviour is now the default, the keepQuery option has been removed.
  • The removeCR option defaults to true when executing on Windows OS.
  • The absolute option has been removed.
  • The join option has changed.

Migrating

Remove the engine option if you are using it - the default "postcss" engine is much more reliable. The "rework" engine will still work for now but will be removed in the next major version.

Remove the keepQuery option if you are using it.

Remove the absolute option, webpack should work fine without it. If you have a specific need to rebase url() then you should use a separate loader.

If you use a custom join function then you will need to refactor it to the new API. Refer to the advanced usage documentation.

If you wish to still use engine: "rework" then note that rework and rework-visit packages are now peerDependencies that must be explicitly installed by you.

Version 3

Features

  • Use postcss parser by default. This is long overdue as the old rework parser doesn't cope with modern css.

... (truncated)

Commits
  • bf01da9 5.0.0
  • 78393f6 update branch references to v5
  • 6787839 github actions for CI
  • 1457038 update changelog and readme
  • a01faf9 5.0.0-beta.1
  • fb09fae remove the engine option harder, ensure deprecation warning is tested
  • 5654fa4 remove the engine option and related tests, use getOptions from loader where ...
  • 10f9cdb 5.0.0-alpha.1
  • b168dd3 adjust deprecation message for engine option
  • 29e142a normalise windows absolute paths to posix format in log messages
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump postcss and resolve-url-loader in /packages/join-flow
2cb50d4 
Bumps [postcss](https://github.com/postcss/postcss) to 8.5.14 and updates ancestor dependency [resolve-url-loader](https://github.com/bholloway/resolve-url-loader/tree/HEAD/packages/resolve-url-loader). These dependencies need to be updated together.


Updates `postcss` from 8.4.32 to 8.5.14
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.32...8.5.14)

Updates `resolve-url-loader` from 3.1.1 to 5.0.0
- [Release notes](https://github.com/bholloway/resolve-url-loader/releases)
- [Changelog](https://github.com/bholloway/resolve-url-loader/blob/v5/packages/resolve-url-loader/CHANGELOG.md)
- [Commits](https://github.com/bholloway/resolve-url-loader/commits/5.0.0/packages/resolve-url-loader)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.14
  dependency-type: indirect
- dependency-name: resolve-url-loader
  dependency-version: 5.0.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants