dependabot[bot] opened a new pull request #1633: URL: https://github.com/apache/myfaces-tobago/pull/1633
Bumps [postcss](https://github.com/postcss/postcss) from 8.3.11 to 8.4.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/releases";>postcss's releases</a>.</em></p> <blockquote> <h2>8.4 “President Camio”</h2> <!-- raw HTML omitted --> <p>PostCSS 8.4 brought ranges for warnings and errors, smaller <code>node_modules</code> size, lazy parsing to avoid <code>PostCSS does nothing</code> warning, and TypeScript fixes.</p> <h2>Thanks to Sponsors</h2> <p>This release was possible thanks to our community.</p> <!-- raw HTML omitted --> <p>If your company wants to support the sustainability of front-end infrastructure or wants to give some love to PostCSS, you can join our supporters by:</p> <ul> <li><a href="https://tidelift.com/";><strong>Tidelift</strong></a> with a Spotify-like subscription model supporting all projects from your lock file.</li> <li>Direct donations in <a href="https://opencollective.com/postcss#section-contributors";><strong>PostCSS & Autoprefixer Open Collective</strong></a>.</li> </ul> <h2>Rages for Errors and Warnings</h2> <p><a href="https://github.com/adalinesimonian";><code>@adalinesimonian</code></a>, the author of amazing <a href="https://github.com/stylelint/vscode-stylelint";>Stylelint extension</a> for VS Code, added ranges to errors and warnings.</p> <pre lang="js"><code>result.warn(msg, { index }) // One character warning at index result.warn(msg, { endIndex }) // Starts at node start, ends at endIndex result.warn(msg, { index, endIndex }) // Starts at index, ends at endIndex result.warn(msg, { start }) // Starts at start, ends at node end result.warn(msg, { end }) // Starts at node start, ends at end result.warn(msg, { start, end }) // Starts at start, ends at end result.warn(msg, { word }) // Starts at word location, ends at word index + length </code></pre> <p>It will improve DX in the IDE extension.</p> <h2>Lazy Parsing</h2> <p>Previously, we found that many tools run PostCSS even if the developer didn’t pass any PostCSS plugins. Parsing is the most expensive step in CSS processing. It led to a waste of resources without any reason.</p> <p>We tried to resolve the problem by adding a <code>PostCSS does nothing</code> warning. But it didn’t force tool authors to be more careful with user’s resources.</p> <p>If PostCSS sees that tool call it without passing plugins (or changing parser/stringifier), PostCSS will not parse CSS (until toll will call <code>Result#root</code>). In 8.4, <a href="https://github.com/bogdan0083";><code>@bogdan0083</code></a> (with the help of <a href="https://github.com/WilhelmYakunin";><code>@WilhelmYakunin</code></a>) tries to solve the problem in another way. It allows us to save resources and remove the <code>PostCSS does nothing</code> warning.</p> <pre lang="js"><code>// No plugins, we do not parse CSS let result = await postcss().process(css, { from }) result.css // Is the same string passed to process() </tr></table> </code></pre> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/postcss/postcss/blob/main/CHANGELOG.md";>postcss's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>This project adheres to <a href="https://semver.org/";>Semantic Versioning</a>.</p> <h2>8.4 “President Camio”</h2> <ul> <li>Added ranges for errors and warnings (by Adaline Valentina Simonian).</li> <li>Added <code>Stringifier</code> types (by James Garbutt).</li> <li>Added <code>Processor</code> types.</li> <li>Removed <code>PostCSS does nothing</code> warning by lazy parser (Bogdan Dolin).</li> <li>Fixed <code>Node#walkRules()</code> types (by Aleks Hudochenkov).</li> <li>Fixed types <code>Root</code> and <code>Document</code> in result values (by James Garbutt).</li> <li>Reduced npm install size by 0.5 MB.</li> <li>Moved tests from Jest to <code>uvu</code> (by Andrey Kim).</li> <li>Fixed docs (by Paul Shryock).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/postcss/postcss/commit/e72bf87004a8782f5a46a2c7b40c470c0bdd5705";><code>e72bf87</code></a> Release 8.4 version</li> <li><a href="https://github.com/postcss/postcss/commit/eef40419a87dea735965f7c36f5ad0e92c0bfb24";><code>eef4041</code></a> Remove old plugin</li> <li><a href="https://github.com/postcss/postcss/commit/698556b5da8676db9658a4e62567da3bbf9eaf90";><code>698556b</code></a> Show both VS Code plugins</li> <li><a href="https://github.com/postcss/postcss/commit/c9159cef9adc062739b63853f642edb14143da55";><code>c9159ce</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/postcss/postcss/issues/1679";>#1679</a> from hasnath1/patch-1</li> <li><a href="https://github.com/postcss/postcss/commit/a0547765cd57781c4ede373efc032b8aab43602d";><code>a054776</code></a> Update dependencies</li> <li><a href="https://github.com/postcss/postcss/commit/2b8ce5d5aaab11989ec62d56e5c42795a1a43399";><code>2b8ce5d</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/postcss/postcss/issues/1680";>#1680</a> from TheDutchCoder/add-postcss-rem-to-px-plugin</li> <li><a href="https://github.com/postcss/postcss/commit/71f41fbf96a5080488ff964eefacfccc778d4188";><code>71f41fb</code></a> docs: :memo: Add plugin to docs</li> <li><a href="https://github.com/postcss/postcss/commit/21c480d10367a9319c4ed612cfb38970feec02b0";><code>21c480d</code></a> Update README.md</li> <li><a href="https://github.com/postcss/postcss/commit/73e2b7bae46d371ebeada0bceca664b27edb5e86";><code>73e2b7b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/postcss/postcss/issues/1672";>#1672</a> from adalinesimonian/fix-ranges</li> <li><a href="https://github.com/postcss/postcss/commit/aed9a9b9ee67c05008825638d6ee0b4478a1d09b";><code>aed9a9b</code></a> test: add missing test.run()</li> <li>Additional commits viewable in <a href="https://github.com/postcss/postcss/compare/8.3.11...8.4.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
