From 772ba905044cb4838c83c9d2d2c0321184d8c3ec Mon Sep 17 00:00:00 2001
From: Dave Long <dave@longwaveconsulting.com>
Date: Thu, 19 Oct 2023 10:02:58 +0200
Subject: [PATCH] Issue #3392485 by Spokje: Security update postcss
 (CVE-2023-44270)

---
 core/package.json |  2 +-
 core/yarn.lock    | 17 ++++-------------
 2 files changed, 5 insertions(+), 14 deletions(-)

diff --git a/core/package.json b/core/package.json
index 8b75358b1441..367f396a53db 100644
--- a/core/package.json
+++ b/core/package.json
@@ -80,7 +80,7 @@
     "mkdirp": "^3.0.1",
     "nightwatch": "^2.3.9",
     "normalize.css": "8.0.x",
-    "postcss": "^8.4.24",
+    "postcss": "^8.4.31",
     "postcss-header": "^3.0.2",
     "postcss-import": "^15.0.0",
     "postcss-preset-env": "^8.4.2",
diff --git a/core/yarn.lock b/core/yarn.lock
index c71c6d4126a7..508d5c4eea31 100644
--- a/core/yarn.lock
+++ b/core/yarn.lock
@@ -4451,19 +4451,10 @@ postcss-value-parser@^4.0.0, postcss-value-parser@^4.2.0:
   resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz#723c09920836ba6d3e5af019f92bc0971c02e514"
   integrity sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==
 
-postcss@^8.4.21:
-  version "8.4.23"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.23.tgz#df0aee9ac7c5e53e1075c24a3613496f9e6552ab"
-  integrity sha512-bQ3qMcpF6A/YjR55xtoTr0jGOlnPOKAIMdOWiv0EIT6HVPEaJiJB4NLljSbiHoC2RX7DN5Uvjtpbg1NPdwv1oA==
-  dependencies:
-    nanoid "^3.3.6"
-    picocolors "^1.0.0"
-    source-map-js "^1.0.2"
-
-postcss@^8.4.24:
-  version "8.4.24"
-  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.24.tgz#f714dba9b2284be3cc07dbd2fc57ee4dc972d2df"
-  integrity sha512-M0RzbcI0sO/XJNucsGjvWU9ERWxb/ytp1w6dKtxTKgixdtQDq4rmx/g8W1hnaheq9jgwL/oyEdH5Bc4WwJKMqg==
+postcss@^8.4.21, postcss@^8.4.24, postcss@^8.4.31:
+  version "8.4.31"
+  resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.4.31.tgz#92b451050a9f914da6755af352bdc0192508656d"
+  integrity sha512-PS08Iboia9mts/2ygV3eLpY5ghnUcfLV/EXTOW1E2qYxJKGGBUtNjN76FYHnMs36RmARn41bC0AZmn+rR0OVpQ==
   dependencies:
     nanoid "^3.3.6"
     picocolors "^1.0.0"
-- 
GitLab