[Snyk] Upgrade css-tree from 2.2.1 to 2.3.1 #4

DevArmenchik · 2024-01-19T18:21:52Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade css-tree from 2.2.1 to 2.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 2 versions ahead of your current version.
The recommended version was released a year ago, on 2022-12-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 213, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 213, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: css-tree

2.3.1 - 2022-12-14
- Added :host, :host() and :host-context() pseudo class support (#216)
- Fixed generator, parse and parse-selector entry points by adding missed NestedSelector node type
- Removed npm > 7 version requirement (#218)
2.3.0 - 2022-11-30
- Added CSS Nesting support:
  - Added NestingSelector node type for & (a nesting selector) in selectors
  - Added @ nest at-rule
  - Changed behaviour for @ media inside a Rule to parse its block content as a Declaration first
  - Changed DeclarationList behaviour to follow the rules for Rule's block
- Added the dimension units introspection & customisation:
  - Added Lexer#units dictionary to provide unit groups (length, angle, etc.) used for matching
  - Changed Lexer's constructor to take into consideration config.units to override default units
  - Extended lexer's dump to contain a units dictionary
- Bumped mdn-data to 2.0.30
2.2.1 - 2022-08-14
- Fixed a regression added in 2.2.0 for at-rule syntax matching when at-rule has no prelude (#203)

from css-tree GitHub release notes

Commit messages

Package name: css-tree

593bf37 2.3.1
8a52f8d Fix entry points by adding missed NestedSelector node type
49b4006 Support :host and :host-context pseudo class selectors (Fix YAML syntax: "run" commands and "pull_request" event name w3c/webref#216)
0801321 Remove NPM > 7 requirement (Fix patch for css-page w3c/webref#218)
debb7c5 2.3.0
908d9e1 Bump mdn-data to 2.0.30
a2e4602 Fix security warnings
03910c6 Clean up patch
1741747 Patch perspective()/scale*() functions to match CSS Transform 2
181e158 Add the dimension units introspection & customisation
f1c9d19 Internal refactoring: rework config mixing
f1df064 Add a basic @ nest syntax definition
2e91fe9 Allow @ supports to be nested in a Rule block
137eba4 Internal refactoring
041239e Add CSS Nesting support (fixes Make it possible to run workflows manually w3c/webref#79)