Skip to content

Bump postcss and microbundle#108

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-25eb4c3863
Open

Bump postcss and microbundle#108
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-25eb4c3863

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 30, 2026

Copy link
Copy Markdown

Bumps postcss to 8.5.15 and updates ancestor dependency microbundle. These dependencies need to be updated together.

Updates postcss from 6.0.1 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

8.5.2

8.5.1

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

... (truncated)

Commits
  • eae46db Release 8.5.15 version
  • 79508ff Update CI actions
  • b128e21 Speed up declaration parsing by avoiding creating new array on each token
  • 9825dca Fix code format
  • 55789c8 Update dependencies
  • 84fbbe9 Install older pnpm action for old Node.js
  • 9f860bd Revert pnpm action for old Node.js
  • 0877198 Update CI actions
  • b2d1a33 Fix linter warnings
  • 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
  • Additional commits viewable in compare view

Updates microbundle from 0.11.0 to 0.15.1

Release notes

Sourced from microbundle's releases.

v0.15.1

Patch Changes

  • cebafa1 #961 Thanks @​zyrong! - Fix for when multiple entries reference different CSS, only the CSS referenced by the first entry will be packaged

  • 9a4e2b2 #954 Thanks @​rschristian! - Bumps Node target to v12

  • 4ad4b76 #967 Thanks @​agilgur5! - deps: upgrade rpt2 to latest v0.32.0 to fix monorepos

  • 6018e58 #956 Thanks @​rschristian! - Silences warnings when using Node builtins with the 'node:...' protocol on imports. Warnings related to bare usage of these builtins were already silenced.

  • 88241dd #968 Thanks @​PeterBurner! - deps: upgrade babel-plugin-transform-async-to-promises to latest v0.8.18 to fix #565

  • e72377a #964 Thanks @​rschristian! - Fixes filename generation for es & modern outputs. Both 'jsnext:main' and 'esmodule' were incorrectly ignored.

v0.15.0

Minor Changes

Patch Changes

... (truncated)

Changelog

Sourced from microbundle's changelog.

0.15.1

Patch Changes

  • cebafa1 #961 Thanks @​zyrong! - Fix for when multiple entries reference different CSS, only the CSS referenced by the first entry will be packaged
  • 6018e58 #956 Thanks @​rschristian! - Silences warnings when using Node builtins with the 'node:...' protocol on imports. Warnings related to bare usage of these builtins were already silenced.
  • e72377a #964 Thanks @​rschristian! - Fixes filename generation for es & modern outputs. Both 'jsnext:main' and 'esmodule' were incorrectly ignored.

0.15.0

Minor Changes

  • 6f6e080 #950 Thanks @​rschristian! - Microbundle will now output ESM using .mjs as the file extension when the package type is CJS

Patch Changes

  • b51b855 #935 Thanks @​mycoin! - Don't attempt to write build stats in watch mode when there has been a build error/sizeInfo is undefined

0.14.2

Patch Changes

  • dd0bdde #904 Thanks @​rschristian! - Added missing CLI doc for 'jsxImportSource' and correcting the Examples section of the '--help' output

0.14.1

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by smoljsteam, a new releaser for microbundle since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump postcss and microbundle
c589bd4 
Bumps [postcss](https://github.com/postcss/postcss) to 8.5.15 and updates ancestor dependency [microbundle](https://github.com/developit/microbundle). These dependencies need to be updated together.


Updates `postcss` from 6.0.1 to 8.5.15
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@6.0.1...8.5.15)

Updates `microbundle` from 0.11.0 to 0.15.1
- [Release notes](https://github.com/developit/microbundle/releases)
- [Changelog](https://github.com/developit/microbundle/blob/master/CHANGELOG.md)
- [Commits](developit/microbundle@0.11.0...v0.15.1)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
- dependency-name: microbundle
  dependency-version: 0.15.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 30, 2026
@dependabot dependabot Bot mentioned this pull request May 30, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants