fix(deps): bump postcss to 8.5.13 to address GHSA-qx2v-qp2m-jg93 (#180) #193

Merged

maximus merged 1 commit from issue-180-postcss-audit-fix into main

2026-05-03 19:32:51 +00:00

Author	SHA1	Message	Date
le king fu	0a8b5c7805	fix(deps): bump postcss to 8.5.13 to address GHSA-qx2v-qp2m-jg93 (#180 ) All checks were successful PR Check / rust (pull_request) Successful in 23m30s Details PR Check / frontend (pull_request) Successful in 2m26s Details Transitive dependency via vite (range ^8.5.3 already accepts the fix). Lockfile-only change; no package.json modification needed. Advisory GHSA-qx2v-qp2m-jg93 is a moderate severity XSS via unescaped </style> in the CSS stringifier output. postcss runs at build time only and never ships in the Tauri binary, so practical exposure is nil — but this clears the npm audit warning and the defenseur finding. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-03 15:21:18 -04:00

Author

SHA1

Message

Date

le king fu

0a8b5c7805

fix(deps): bump postcss to 8.5.13 to address GHSA-qx2v-qp2m-jg93 (#180 )

PR Check / rust (pull_request) Successful in 23m30s

Details

PR Check / frontend (pull_request) Successful in 2m26s

Details

Transitive dependency via vite (range ^8.5.3 already accepts the fix).
Lockfile-only change; no package.json modification needed.

Advisory GHSA-qx2v-qp2m-jg93 is a moderate severity XSS via unescaped
</style> in the CSS stringifier output. postcss runs at build time only
and never ships in the Tauri binary, so practical exposure is nil — but
this clears the npm audit warning and the defenseur finding.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-03 15:21:18 -04:00