diff --git a/package-lock.json b/package-lock.json index b5c2e61b9c41f..5a1e7d427db09 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14350,7 +14350,7 @@ "mini-css-extract-plugin": "^1.3.9", "minimist": "^1.2.0", "npm-package-json-lint": "^5.0.0", - "postcss": "^8.2.2", + "postcss": "^8.2.15", "postcss-loader": "^4.2.0", "prettier": "npm:wp-prettier@2.2.1-beta-1", "puppeteer-core": "^9.0.0", @@ -46159,26 +46159,26 @@ "integrity": "sha1-AerA/jta9xoqbAL+q7jB/vfgDqs=" }, "postcss": { - "version": "8.2.2", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.2.tgz", - "integrity": "sha512-HM1NDNWLgglJPQQMNwvLxgH2KcrKZklKLi/xXYIOaqQB57p/pDWEJNS83PVICYsn1Dg/9C26TiejNr422/ePaQ==", + "version": "8.2.15", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.15.tgz", + "integrity": "sha512-2zO3b26eJD/8rb106Qu2o7Qgg52ND5HPjcyQiK2B98O388h43A448LCslC0dI2P97wCAQRJsFvwTRcXxTKds+Q==", "dev": true, "requires": { - "colorette": "^1.2.1", - "nanoid": "^3.1.20", + "colorette": "^1.2.2", + "nanoid": "^3.1.23", "source-map": "^0.6.1" }, "dependencies": { "colorette": { - "version": "1.2.1", - "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.1.tgz", - "integrity": "sha512-puCDz0CzydiSYOrnXpz/PKd69zRrribezjtE9yd4zvytoRc8+RY/KJPvtPFKZS3E3wP6neGyMe0vOTlHO5L3Pw==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/colorette/-/colorette-1.2.2.tgz", + "integrity": "sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w==", "dev": true }, "nanoid": { - "version": "3.1.20", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.20.tgz", - "integrity": "sha512-a1cQNyczgKbLX9jwbS/+d7W8fX/RfgYR7lVWwWOGIPNgK2m0MWvrGF6/m4kk6U3QcFMnZf3RIhL0v2Jgh/0Uxw==", + "version": "3.1.23", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.23.tgz", + "integrity": "sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==", "dev": true }, "source-map": { 
diff --git a/package.json b/package.json
index cbde2b570e983..a2178224992a1 100644
--- a/package.json
+++ b/package.json
@@ -185,7 +185,7 @@
 "nock": "12.0.3",
 "node-watch": "0.7.0",
 "patch-package": "6.2.2",
- "postcss": "8.2.2",
+ "postcss": "8.2.15",
 "postcss-loader": "4.2.0",
 "prettier": "npm:wp-prettier@2.2.1-beta-1",
 "progress": "2.0.3",
diff --git a/packages/scripts/CHANGELOG.md b/packages/scripts/CHANGELOG.md
index fa2f9ab7a0b71..0b9a948485614 100644
--- a/packages/scripts/CHANGELOG.md
+++ b/packages/scripts/CHANGELOG.md
@@ -14,6 +14,12 @@ - Have the `format` command ignore files listed in a `.prettierignore` file, add a fallback `.prettierignore` to the package ([30844](https://github.com/WordPress/gutenberg/pull/30844)). - The e2e tests are now using [`jest-circus`](https://github.com/facebook/jest/tree/master/packages/jest-circus) as the test runner. This enable us to capture screenshots at the time the tests failed. The unit tests are also using the same test runner for consistency ([#28449](https://github.com/WordPress/gutenberg/pull/28449), [#31178](https://github.com/WordPress/gutenberg/pull/31178)). +### Security Fix + +- Update `postcss` dependency to the latest patch version. Versions before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing ([#31685](https://github.com/WordPress/gutenberg/pull/31685)). + +## 15.0.1 (2021-04-30) + ### Bug Fix - Add `postcss` as a dependency to ensure that the correct version gets installed.
diff --git a/packages/scripts/package.json b/packages/scripts/package.json
index b46ac6b4f9b4b..226126a119709 100644
--- a/packages/scripts/package.json
+++ b/packages/scripts/package.json
@@ -66,7 +66,7 @@
 "mini-css-extract-plugin": "^1.3.9",
 "minimist": "^1.2.0",
 "npm-package-json-lint": "^5.0.0",
- "postcss": "^8.2.2",
+ "postcss": "^8.2.15",
 "postcss-loader": "^4.2.0",
 "prettier": "npm:wp-prettier@2.2.1-beta-1",
 "puppeteer-core": "^9.0.0",