[Snyk] Upgrade postcss-cli from 5.0.1 to 9.1.0

[snyk-bot]

Snyk has created this PR to upgrade postcss-cli from 5.0.1 to 9.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 19 versions ahead of your current version.
• The recommended version was released 6 months ago, on 2021-12-10.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: postcss-cli

• 9.1.0 - 2021-12-10
  

  9.1.0

• 9.0.2 - 2021-11-04
  

  9.0.2

• 9.0.1 - 2021-09-28
  

  9.0.1

• 9.0.0 - 2021-09-24
  

  9.0.0

• 8.3.1 - 2020-12-12
  

  8.3.1

• 8.3.0 - 2020-11-17
  

  8.3.0

• 8.2.0 - 2020-10-29
  

  8.2.0

• 8.1.0 - 2020-10-08
  

  8.1.0

• 8.0.0 - 2020-09-21
  
  • BREAKING: Support postcss v8 (#344, #349)
  • BREAKING: postcss is now a peerDependency, you must install it seperately (#344, #349)
  • Upgrade dependencies (#340)
• 7.1.2 - 2020-09-01
  

  7.1.2

• 7.1.1 - 2020-04-27
• 7.1.0 - 2020-01-09
• 7.0.0 - 2020-01-07
• 6.1.3 - 2019-07-08
• 6.1.2 - 2019-02-22
• 6.1.1 - 2019-01-04
• 6.1.0 - 2018-12-20
• 6.0.1 - 2018-10-18
• 6.0.0 - 2018-07-18
• 5.0.1 - 2018-06-18

from postcss-cli GitHub release notes

Commit messages

Package name: postcss-cli

• c9f6905 9.1.0
• b06fa80 feat: only save files if they are unchanged (Updated CHANGELOG, Makefile, and releases.json for v0.7.1 release kubernetes/minikube#417)
• c7cc0bb Update dependency prettier to ~2.5.0 (Directories not persisted across reboots kubernetes/minikube#414)
• 6256aa7 Refactor watch tests (Release 0.7.1 kubernetes/minikube#416)
• 0184968 Update eslint & eslint-config-problems (Specify supported drivers per platform kubernetes/minikube#413)
• 538b6f5 9.0.2
• ecf2bee chore: use picocolors for colored terminal output (Logo v1 kubernetes/minikube#409)
• 66b7c80 Exclude test files from npm package
• 392c4f5 9.0.1
• 3143642 Actually exit when writing to stdout in watch mode
• 49db822 Use nanocolors
• 96a7dc6 Remove bin/ from `files` in package.json
• b90bd7f 9.0.0
• 201205c Run watch tests on Linux CI (Have functional localhost proxy command, need to work more on deleting kubernetes/minikube#396)
• ace2a31 Update dependency globby to v12 (Add insecure-registry option to minikube start kubernetes/minikube#386)
• 9d77003 Update dependency slash to v4 (Fix up vanity URL for travis clone kubernetes/minikube#377)
• c9258b1 Update dependency get-stdin to v9 (Travis make test is borked kubernetes/minikube#376)
• a864c5b Remove broken logo printing
• 10f2603 Port to ESM (Added v0.7.0 CHANGELOG.md entry, bumped version number and added vers… kubernetes/minikube#401)
• cd5d5df Update dependency colorette to v2 (Release version 0.7.0 kubernetes/minikube#400)
• 793dca6 Update dependency yargs to v17 (Upgrade to Kubernetes 1.3.2 kubernetes/minikube#382)
• 261aca2 Update dependency fs-extra to v10 (Increase the pull timeout even more. kubernetes/minikube#381)
• 9903e9e Update actions/setup-node action to v2 (adding kubectl test for minikube kubernetes/minikube#398)
• faf0f41 Update dependency prettier to ~2.4.0 (Validate presence of kubectl kubernetes/minikube#397)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs