Skip to content

fix(@angular-devkit/build-angular): upgrade postcss to 8.5.12#33070

Merged
alan-agius4 merged 1 commit into
angular:19.2.xfrom
alan-agius4:postcss-19
Apr 28, 2026
Merged

fix(@angular-devkit/build-angular): upgrade postcss to 8.5.12#33070
alan-agius4 merged 1 commit into
angular:19.2.xfrom
alan-agius4:postcss-19

Conversation

@alan-agius4

@alan-agius4 alan-agius4 commented Apr 28, 2026

Copy link
Copy Markdown
Collaborator

This addresses GHSA-qx2v-qp2m-jg93

Fixes: #33067

@alan-agius4 alan-agius4 requested a review from clydin April 28, 2026 09:23
@alan-agius4 alan-agius4 added action: review The PR is still awaiting reviews from at least one requested reviewer target: lts This PR is targeting a version currently in long-term support labels Apr 28, 2026
@alan-agius4 alan-agius4 linked an issue Apr 28, 2026 that may be closed by this pull request
security: vulnerability found in transitive dependency postcss #33067
Closed
1 task
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 28, 2026
View reviewed changes

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates the postcss dependency from version 8.5.2 to 8.5.12 in the root and package-level package.json files, with corresponding updates in pnpm-lock.yaml. Feedback suggests that the old, potentially vulnerable versions of postcss and nanoid still persist in the lockfile and should be pruned if they are no longer required to avoid triggering security scanners.

Comment thread pnpm-lock.yaml
@alan-agius4 alan-agius4 added action: merge The PR is ready for merge by the caretaker and removed action: review The PR is still awaiting reviews from at least one requested reviewer labels Apr 28, 2026
@alan-agius4 alan-agius4 merged commit 49ae0ad into angular:19.2.x Apr 28, 2026
54 of 56 checks passed
@alan-agius4 alan-agius4 deleted the postcss-19 branch April 28, 2026 11:32
@alan-agius4

alan-agius4 commented Apr 28, 2026

Copy link
Copy Markdown
Collaborator Author

This PR was merged into the repository. The changes were merged into the following branches:

@angular-automatic-lock-bot

angular-automatic-lock-bot Bot commented May 29, 2026

Copy link
Copy Markdown

This pull request has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

@angular-automatic-lock-bot angular-automatic-lock-bot Bot locked and limited conversation to collaborators May 29, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@clydin clydin clydin approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

action: merge The PR is ready for merge by the caretaker area: @angular-devkit/build-angular target: lts This PR is targeting a version currently in long-term support

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

security: vulnerability found in transitive dependency postcss

2 participants

@alan-agius4 @clydin