This run took 42 seconds.
From 452065b8e376cc30286611e9f1a0128674c1f550 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 27 Apr 2026 11:13:17 +0000
Subject: [PATCH] build: Updating postcss to 8.5.12
* https://github.com/advisories/GHSA-qx2v-qp2m-jg93
Change-Id: I6577a938c7ba6eea7ddbcda6b91ecac59e468498
---
package-lock.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 7041c40..b5e9bdd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5421,9 +5421,9 @@
}
},
"node_modules/postcss": {
- "version": "8.5.6",
- "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
- "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+ "version": "8.5.12",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz",
+ "integrity": "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==",
"dev": true,
"funding": [
{
--
2.47.3
$ date
--- stdout ---
Mon Apr 27 11:12:38 UTC 2026
--- end ---
$ git clone file:///srv/git/mediawiki-extensions-Chart.git /src/repo --depth=1 -b master
--- stderr ---
Cloning into '/src/repo'...
--- stdout ---
--- end ---
$ git config user.name libraryupgrader
--- stdout ---
--- end ---
$ git config user.email tools.libraryupgrader@tools.wmflabs.org
--- stdout ---
--- end ---
$ git submodule update --init
--- stdout ---
--- end ---
$ grr init
--- stdout ---
Installed commit-msg hook.
--- end ---
$ git show-ref refs/heads/master
--- stdout ---
887f62c9dfe36528a7d54b047a06c4435aea71ff refs/heads/master
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [],
"range": "<8.5.10",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 548,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 548
}
}
}
--- end ---
$ /usr/bin/composer install
--- stderr ---
No composer.lock file present. Updating dependencies to latest instead of installing from lock file. See https://getcomposer.org/install for more information.
Loading composer repositories with package information
Updating dependencies
Lock file operations: 37 installs, 0 updates, 0 removals
- Locking composer/pcre (3.3.2)
- Locking composer/semver (3.4.4)
- Locking composer/spdx-licenses (1.5.10)
- Locking composer/xdebug-handler (3.0.5)
- Locking danog/advanced-json-rpc (v3.2.3)
- Locking dealerdirect/phpcodesniffer-composer-installer (v1.2.0)
- Locking doctrine/deprecations (1.1.6)
- Locking mediawiki/mediawiki-codesniffer (v50.0.0)
- Locking mediawiki/mediawiki-phan-config (0.20.0)
- Locking mediawiki/minus-x (2.0.1)
- Locking mediawiki/phan-taint-check-plugin (9.1.0)
- Locking netresearch/jsonmapper (v5.0.1)
- Locking phan/phan (6.0.2)
- Locking phan/tolerant-php-parser (v0.2.0)
- Locking phan/var_representation_polyfill (0.1.4)
- Locking php-parallel-lint/php-console-color (v1.0.1)
- Locking php-parallel-lint/php-console-highlighter (v1.0.0)
- Locking php-parallel-lint/php-parallel-lint (v1.4.0)
- Locking phpcsstandards/phpcsextra (1.4.0)
- Locking phpcsstandards/phpcsutils (1.2.2)
- Locking phpdocumentor/reflection-common (2.2.0)
- Locking phpdocumentor/reflection-docblock (6.0.3)
- Locking phpdocumentor/type-resolver (2.0.0)
- Locking phpstan/phpdoc-parser (2.3.2)
- Locking psr/container (2.0.2)
- Locking psr/log (3.0.2)
- Locking sabre/event (6.0.1)
- Locking squizlabs/php_codesniffer (3.13.5)
- Locking symfony/console (v8.0.8)
- Locking symfony/deprecation-contracts (v3.6.0)
- Locking symfony/polyfill-ctype (v1.37.0)
- Locking symfony/polyfill-intl-grapheme (v1.37.0)
- Locking symfony/polyfill-intl-normalizer (v1.37.0)
- Locking symfony/polyfill-mbstring (v1.37.0)
- Locking symfony/service-contracts (v3.6.1)
- Locking symfony/string (v8.0.8)
- Locking webmozart/assert (2.3.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 37 installs, 0 updates, 0 removals
0 [>---------------------------] 0 [->--------------------------]
- Installing squizlabs/php_codesniffer (3.13.5): Extracting archive
- Installing dealerdirect/phpcodesniffer-composer-installer (v1.2.0): Extracting archive
- Installing composer/pcre (3.3.2): Extracting archive
- Installing phpcsstandards/phpcsutils (1.2.2): Extracting archive
- Installing phpcsstandards/phpcsextra (1.4.0): Extracting archive
- Installing symfony/polyfill-mbstring (v1.37.0): Extracting archive
- Installing composer/spdx-licenses (1.5.10): Extracting archive
- Installing composer/semver (3.4.4): Extracting archive
- Installing mediawiki/mediawiki-codesniffer (v50.0.0): Extracting archive
- Installing symfony/polyfill-intl-normalizer (v1.37.0): Extracting archive
- Installing symfony/polyfill-intl-grapheme (v1.37.0): Extracting archive
- Installing symfony/polyfill-ctype (v1.37.0): Extracting archive
- Installing symfony/string (v8.0.8): Extracting archive
- Installing symfony/deprecation-contracts (v3.6.0): Extracting archive
- Installing psr/container (2.0.2): Extracting archive
- Installing symfony/service-contracts (v3.6.1): Extracting archive
- Installing symfony/console (v8.0.8): Extracting archive
- Installing sabre/event (6.0.1): Extracting archive
- Installing phan/var_representation_polyfill (0.1.4): Extracting archive
- Installing phan/tolerant-php-parser (v0.2.0): Extracting archive
- Installing netresearch/jsonmapper (v5.0.1): Extracting archive
- Installing webmozart/assert (2.3.0): Extracting archive
- Installing phpstan/phpdoc-parser (2.3.2): Extracting archive
- Installing phpdocumentor/reflection-common (2.2.0): Extracting archive
- Installing doctrine/deprecations (1.1.6): Extracting archive
- Installing phpdocumentor/type-resolver (2.0.0): Extracting archive
- Installing phpdocumentor/reflection-docblock (6.0.3): Extracting archive
- Installing danog/advanced-json-rpc (v3.2.3): Extracting archive
- Installing psr/log (3.0.2): Extracting archive
- Installing composer/xdebug-handler (3.0.5): Extracting archive
- Installing phan/phan (6.0.2): Extracting archive
- Installing mediawiki/phan-taint-check-plugin (9.1.0): Extracting archive
- Installing mediawiki/mediawiki-phan-config (0.20.0): Extracting archive
- Installing mediawiki/minus-x (2.0.1): Extracting archive
- Installing php-parallel-lint/php-console-color (v1.0.1): Extracting archive
- Installing php-parallel-lint/php-console-highlighter (v1.0.0): Extracting archive
- Installing php-parallel-lint/php-parallel-lint (v1.4.0): Extracting archive
0/35 [>---------------------------] 0%
28/35 [======================>-----] 80%
35/35 [============================] 100%
1 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
16 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
--- stdout ---
PHP CodeSniffer Config installed_paths set to ../../mediawiki/mediawiki-codesniffer,../../phpcsstandards/phpcsextra,../../phpcsstandards/phpcsutils
--- end ---
$ /usr/bin/npm audit --json
--- stdout ---
{
"auditReportVersion": 2,
"vulnerabilities": {
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [],
"range": "<8.5.10",
"nodes": [
"node_modules/postcss"
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 548,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 548
}
}
}
--- end ---
Attempting to npm audit fix
$ /usr/bin/npm audit fix --dry-run --only=dev --json
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
--- stdout ---
{
"added": 548,
"removed": 0,
"changed": 0,
"audited": 549,
"funding": 119,
"audit": {
"auditReportVersion": 2,
"vulnerabilities": {
"postcss": {
"name": "postcss",
"severity": "moderate",
"isDirect": false,
"via": [
{
"source": 1117015,
"name": "postcss",
"dependency": "postcss",
"title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93",
"severity": "moderate",
"cwe": [
"CWE-79"
],
"cvss": {
"score": 6.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
},
"range": "<8.5.10"
}
],
"effects": [],
"range": "<8.5.10",
"nodes": [
""
],
"fixAvailable": true
}
},
"metadata": {
"vulnerabilities": {
"info": 0,
"low": 0,
"moderate": 1,
"high": 0,
"critical": 0,
"total": 1
},
"dependencies": {
"prod": 1,
"dev": 548,
"optional": 1,
"peer": 1,
"peerOptional": 0,
"total": 548
}
}
}
}
--- end ---
{"added": 548, "removed": 0, "changed": 0, "audited": 549, "funding": 119, "audit": {"auditReportVersion": 2, "vulnerabilities": {"postcss": {"name": "postcss", "severity": "moderate", "isDirect": false, "via": [{"source": 1117015, "name": "postcss", "dependency": "postcss", "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output", "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<8.5.10"}], "effects": [], "range": "<8.5.10", "nodes": [""], "fixAvailable": true}}, "metadata": {"vulnerabilities": {"info": 0, "low": 0, "moderate": 1, "high": 0, "critical": 0, "total": 1}, "dependencies": {"prod": 1, "dev": 548, "optional": 1, "peer": 1, "peerOptional": 0, "total": 548}}}}
$ /usr/bin/npm audit fix --only=dev
--- stderr ---
npm WARN invalid config only="dev" set in command line options
npm WARN invalid config Must be one of: null, prod, production
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 547 packages, and audited 548 packages in 6s
119 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
Verifying that tests still pass
$ /usr/bin/npm ci
--- stderr ---
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm WARN deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.
--- stdout ---
added 547 packages, and audited 548 packages in 6s
119 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
--- end ---
$ /usr/bin/npm test
--- stderr ---
PASS tests/jest/render.test.js
numberFormatter
✓ formats numbers to minimum of 2 decimal places (111 ms)
✓ formats 1000 as 1K (5 ms)
✓ formats to four figures between 100 and 1000 as expected (1 ms)
✓ formats large numbers on axis to nearest integers (1 ms)
getFormatter
✓ formats integers correctly with formatMode none (22 ms)
✓ formats floats correctly with formatMode none (2 ms)
✓ formats integers correctly with formatMode none and no comma separator (3 ms)
✓ formats integers correctly with formatMode auto (2 ms)
✓ formats floats correctly with formatMode auto (1 ms)
✓ formats integers correctly with formatMode auto and comma separator (1 ms)
Failed to collect coverage from /src/repo/resources/ext.chart.visualEditMode/ChartVisualEditor.vue
ERROR: /src/repo/resources/ext.chart.visualEditMode/ChartVisualEditor.vue: Support for the experimental syntax 'jsx' isn't currently enabled (1:1):
> 1 | <template>
| ^
2 | <div>Chart Visual Editor Form</div>
3 | </template>
4 |
Add @babel/preset-react (https://github.com/babel/babel/tree/main/packages/babel-preset-react) to the 'presets' section of your Babel config to enable transformation.
If you want to leave it as-is, add @babel/plugin-syntax-jsx (https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-jsx) to the 'plugins' section to enable parsing.
If you already added the plugin for this syntax to your config, it's possible that your config isn't being loaded.
You can re-run Babel with the BABEL_SHOW_CONFIG_FOR environment variable to show the loaded configuration:
npx cross-env BABEL_SHOW_CONFIG_FOR=/src/repo/resources/ext.chart.visualEditMode/ChartVisualEditor.vue <your build command>
See https://babeljs.io/docs/configuration#print-effective-configs for more info.
STACK: SyntaxError: /src/repo/resources/ext.chart.visualEditMode/ChartVisualEditor.vue: Support for the experimental syntax 'jsx' isn't currently enabled (1:1):
> 1 | <template>
| ^
2 | <div>Chart Visual Editor Form</div>
3 | </template>
4 |
Add @babel/preset-react (https://github.com/babel/babel/tree/main/packages/babel-preset-react) to the 'presets' section of your Babel config to enable transformation.
If you want to leave it as-is, add @babel/plugin-syntax-jsx (https://github.com/babel/babel/tree/main/packages/babel-plugin-syntax-jsx) to the 'plugins' section to enable parsing.
If you already added the plugin for this syntax to your config, it's possible that your config isn't being loaded.
You can re-run Babel with the BABEL_SHOW_CONFIG_FOR environment variable to show the loaded configuration:
npx cross-env BABEL_SHOW_CONFIG_FOR=/src/repo/resources/ext.chart.visualEditMode/ChartVisualEditor.vue <your build command>
See https://babeljs.io/docs/configuration#print-effective-configs for more info.
at constructor (/src/repo/node_modules/@babel/parser/lib/index.js:360:19)
at Parser.raise (/src/repo/node_modules/@babel/parser/lib/index.js:3327:19)
at Parser.expectOnePlugin (/src/repo/node_modules/@babel/parser/lib/index.js:3361:18)
at Parser.parseExprAtom (/src/repo/node_modules/@babel/parser/lib/index.js:11085:18)
at Parser.parseExprSubscripts (/src/repo/node_modules/@babel/parser/lib/index.js:10759:23)
at Parser.parseUpdate (/src/repo/node_modules/@babel/parser/lib/index.js:10744:21)
at Parser.parseMaybeUnary (/src/repo/node_modules/@babel/parser/lib/index.js:10724:23)
at Parser.parseMaybeUnaryOrPrivate (/src/repo/node_modules/@babel/parser/lib/index.js:10577:61)
at Parser.parseExprOps (/src/repo/node_modules/@babel/parser/lib/index.js:10582:23)
at Parser.parseMaybeConditional (/src/repo/node_modules/@babel/parser/lib/index.js:10559:23)
at Parser.parseMaybeAssign (/src/repo/node_modules/@babel/parser/lib/index.js:10522:21)
at Parser.parseExpressionBase (/src/repo/node_modules/@babel/parser/lib/index.js:10477:23)
at /src/repo/node_modules/@babel/parser/lib/index.js:10473:39
at Parser.allowInAnd (/src/repo/node_modules/@babel/parser/lib/index.js:12096:16)
at Parser.parseExpression (/src/repo/node_modules/@babel/parser/lib/index.js:10473:17)
at Parser.parseStatementContent (/src/repo/node_modules/@babel/parser/lib/index.js:12534:23)
at Parser.parseStatementLike (/src/repo/node_modules/@babel/parser/lib/index.js:12407:17)
at Parser.parseModuleItem (/src/repo/node_modules/@babel/parser/lib/index.js:12384:17)
at Parser.parseBlockOrModuleBlockBody (/src/repo/node_modules/@babel/parser/lib/index.js:12955:36)
at Parser.parseBlockBody (/src/repo/node_modules/@babel/parser/lib/index.js:12948:10)
at Parser.parseProgram (/src/repo/node_modules/@babel/parser/lib/index.js:12281:10)
at Parser.parseTopLevel (/src/repo/node_modules/@babel/parser/lib/index.js:12271:25)
at Parser.parse (/src/repo/node_modules/@babel/parser/lib/index.js:14123:10)
at parse (/src/repo/node_modules/@babel/parser/lib/index.js:14157:38)
at parser (/src/repo/node_modules/@babel/core/lib/parser/index.js:41:34)
at parser.next (<anonymous>)
at normalizeFile (/src/repo/node_modules/@babel/core/lib/transformation/normalize-file.js:64:37)
at normalizeFile.next (<anonymous>)
at run (/src/repo/node_modules/@babel/core/lib/transformation/index.js:22:50)
at run.next (<anonymous>)
at transform (/src/repo/node_modules/@babel/core/lib/transform.js:22:33)
at transform.next (<anonymous>)
at evaluateSync (/src/repo/node_modules/gensync/index.js:251:28)
at sync (/src/repo/node_modules/gensync/index.js:89:14)
at stopHiding - secret - don't use this - v1 (/src/repo/node_modules/@babel/core/lib/errors/rewrite-stack-trace.js:47:12)
at transformSync (/src/repo/node_modules/@babel/core/lib/transform.js:42:76)
at ScriptTransformer._instrumentFile (/src/repo/node_modules/@jest/transform/build/ScriptTransformer.js:389:46)
at ScriptTransformer._buildTransformResult (/src/repo/node_modules/@jest/transform/build/ScriptTransformer.js:491:33)
at ScriptTransformer.transformSourceAsync (/src/repo/node_modules/@jest/transform/build/ScriptTransformer.js:608:17)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async generateEmptyCoverage (/src/repo/node_modules/@jest/reporters/build/generateEmptyCoverage.js:127:20)
Test Suites: 1 passed, 1 total
Tests: 10 passed, 10 total
Snapshots: 0 total
Time: 5.848 s
Ran all test suites.
--- stdout ---
> chart@0.0.0 test
> npm run lint && npm run test:unit
> chart@0.0.0 lint
> npm -s run lint:js && npm -s run lint:styles && npm -s run lint:i18n
Checked 1 message directory.
> chart@0.0.0 test:unit
> jest
------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------
All files | 10.72 | 11.4 | 10.81 | 10.38 |
ext.chart | 19.23 | 13.54 | 19.04 | 18.75 |
bootstrap.js | 0 | 0 | 0 | 0 | 3-59
render.js | 25 | 16.25 | 25 | 24.48 | 5-8,20,40-76,91,115-124,142-145,148-151,160-162,175-200,223-281
ext.chart.visualEditMode | 0 | 0 | 100 | 0 |
init.js | 0 | 0 | 100 | 0 | 3-8
ext.chart.visualEditor | 0 | 0 | 0 | 0 |
ve.ce.MWChartNode.js | 0 | 100 | 0 | 0 | 18-52
ve.dm.MWChartNode.js | 0 | 0 | 0 | 0 | 17-58
ve.ui.MWChartContextItem.js | 0 | 100 | 0 | 0 | 17-55
ve.ui.MWChartDialog.js | 0 | 0 | 0 | 0 | 17-145
ve.ui.MWChartDialogTool.js | 0 | 100 | 0 | 0 | 18-43
------------------------------|---------|----------|---------|---------|-----------------------------------------------------------------
--- end ---
{"1117015": {"source": 1117015, "name": "postcss", "dependency": "postcss", "title": "PostCSS has XSS via Unescaped </style> in its CSS Stringify Output", "url": "https://github.com/advisories/GHSA-qx2v-qp2m-jg93", "severity": "moderate", "cwe": ["CWE-79"], "cvss": {"score": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "range": "<8.5.10"}}
Upgrading n:postcss from 8.5.6 -> 8.5.12
$ package-lock-lint /src/repo/package-lock.json
--- stdout ---
Checking /src/repo/package-lock.json
--- end ---
build: Updating postcss to 8.5.12
* https://github.com/advisories/GHSA-qx2v-qp2m-jg93
$ git add .
--- stdout ---
--- end ---
$ git commit -F /tmp/tmpvazrvt6l
--- stdout ---
[master 452065b] build: Updating postcss to 8.5.12
1 file changed, 3 insertions(+), 3 deletions(-)
--- end ---
$ git format-patch HEAD~1 --stdout
--- stdout ---
From 452065b8e376cc30286611e9f1a0128674c1f550 Mon Sep 17 00:00:00 2001
From: libraryupgrader <tools.libraryupgrader@tools.wmflabs.org>
Date: Mon, 27 Apr 2026 11:13:17 +0000
Subject: [PATCH] build: Updating postcss to 8.5.12
* https://github.com/advisories/GHSA-qx2v-qp2m-jg93
Change-Id: I6577a938c7ba6eea7ddbcda6b91ecac59e468498
---
package-lock.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 7041c40..b5e9bdd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5421,9 +5421,9 @@
}
},
"node_modules/postcss": {
- "version": "8.5.6",
- "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
- "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+ "version": "8.5.12",
+ "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.12.tgz",
+ "integrity": "sha512-W62t/Se6rA0Az3DfCL0AqJwXuKwBeYg6nOaIgzP+xZ7N5BFCI7DYi1qs6ygUYT6rvfi6t9k65UMLJC+PHZpDAA==",
"dev": true,
"funding": [
{
--
2.47.3
--- end ---