PostCSS line return parsing error #32

Closed
opened 2023-10-04 04:48:09 +00:00 by argoyle · 0 comments
argoyle commented 2023-10-04 04:48:09 +00:00 (Migrated from gitlab.com)

⚠️ dependabot-gitlab has detected security vulnerability for postcss in path: /, manifest_file: /package.json but was unable to update it! ⚠️

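| Package | Severity | Affected versions | Patched versions | IDs |
|---------------|----------|-------------------|------------------|----------------------------------------|
| postcss (NPM) | MODERATE | < 8.4.31 | 8.4.31 | `GHSA-7fh5-64p2-3v2j`, `CVE-2023-44270` |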

Description

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be `\r` discrepancies, as demonstrated by `@font-face{ font:(\r/*);}` in a rule.

References

* https://nvd.nist.gov/vuln/detail/CVE-2023-44270
* https://github.com/postcss/postcss/commit/58cc860b4c1707510c9cd1bc1fa30b423a9ad6c5
* https://github.com/postcss/postcss/blob/main/lib/tokenize.js#L25
* https://github.com/postcss/postcss/releases/tag/8.4.31
* https://github.com/advisories/GHSA-7fh5-64p2-3v2j

argoyle (Migrated from gitlab.com) closed this issue 2024-02-06 04:41:03 +00:00

Reference: dancefinder/dancefinder-app#32