Skip to content

chore(deps-dev): bump postcss from 8.5.8 to 8.5.10#6

Merged
djimit merged 1 commit into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.10
Jun 12, 2026
Merged

chore(deps-dev): bump postcss from 8.5.8 to 8.5.10#6
djimit merged 1 commit into
mainfrom
dependabot/npm_and_yarn/postcss-8.5.10

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 31, 2026

Copy link
Copy Markdown
Contributor

Bumps postcss from 8.5.8 to 8.5.10.

Release notes

Sourced from postcss's releases.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Changelog

Sourced from postcss's changelog.

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 31, 2026
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.8 to 8.5.10.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.8...8.5.10)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.10
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/postcss-8.5.10 branch from 90f4583 to e5b540d Compare June 9, 2026 19:07
@kilo-code-bot

kilo-code-bot Bot commented Jun 9, 2026

Copy link
Copy Markdown

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Overview

This is a Dependabot security bump of postcss from 8.5.88.5.10. The 8.5.10 release patches an XSS vulnerability via unescaped </style> in non-bundler cases. Changes are confined to packages/dashboard/package.json (pinned version updated) and package-lock.json (resolved version updated). No application code was modified.

Files Reviewed (2 files)
  • packages/dashboard/package.json — version pin updated, no issues
  • package-lock.json — resolved/integrity hashes updated to match 8.5.10, no issues

Fix these issues in Kilo Cloud


Reviewed by claude-4.6-sonnet-20260217 · 81,307 tokens

@djimit
djimit merged commit 81d24ce into main Jun 12, 2026
2 of 3 checks passed
@djimit
djimit deleted the dependabot/npm_and_yarn/postcss-8.5.10 branch June 12, 2026 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant