Skip to content

Bump js-yaml, cssnano and gulp-postcss #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump js-yaml, cssnano and gulp-postcss #26

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 16, 2025

Removes js-yaml. It's no longer used after updating ancestor dependencies js-yaml, cssnano and gulp-postcss. These dependencies need to be updated together.

Removes js-yaml

Updates cssnano from 4.1.10 to 7.1.2

Release notes

Sourced from cssnano's releases.

v7.1.2

What's Changed

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.1...cssnano@7.1.2

v71.1.1

Bug Fixes

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.1.0...cssnano@7.1.1

cssnano@7.1.0

Changes

  • Update to SVGO 4.0
  • Update browserslist

cssnano@7.0.7

What's Changed

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.0.6...cssnano@7.0.7

v7.0.6

What's Changed

Full Changelog: https://github.com/cssnano/cssnano/compare/cssnano@7.0.5...cssnano@7.0.6

v7.0.5

Bug Fixes

v7.0.4

... (truncated)

Commits
  • c847b6b Publish cssnano 7.1.2
  • 72dd9c9 fix: update browserslist
  • 19849ba chore: update dev dependencies
  • ad02c7c chore: use npm trusted publishing
  • f31273c fix: enhanced recognition of css comments (#1730)
  • bd3b251 chore: update GitHub actions
  • bba3b5f chore: update development deps
  • 53c4033 test: switch to built-in Node.js test coverage
  • ff17fd3 chore: update development dependencies
  • c9e493c chore: update pnpm
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for cssnano since your current version.


Updates gulp-postcss from 8.0.0 to 10.0.0

Release notes

Sourced from gulp-postcss's releases.

10.0.0

Same changes as https://github.com/postcss/gulp-postcss/releases/tag/9.1.0, published with the major version bump because of a breaking change.

9.1.0 (deprecated)

Deprecated, republished as 10.0.0 to follow semver, because of the breaking change to drop support for node <18

  • Bump postcss-load-config to ^5.0.0
  • Ensure options are passed to plugins when using postcss.config.js #170
  • Update deps
  • Drop support for node <18
  • Add flake.nix for local dev with nix develop

9.0.1

  • Bump postcss-load-config to ^3.0.0

9.0.0

  • Bump PostCSS to 8.0
  • Drop Node 6 support
  • PostCSS is now a peer dependency
Commits
  • 46533ec Bump to 10.0.0
  • 77ed79a Merge pull request #187 from postcss/update-deps
  • 687f29f Bump to 9.1.0
  • c21fca9 Merge pull request #170 from JohnAlbin/pass-options-to-plugins
  • bd9d4c0 Merge pull request #186 from postcss/bump-postcss-load-config
  • 0f15414 Bump postcss-load-config
  • 83dcfcd Merge branch 'main' into pass-options-to-plugins
  • 70dfabe Release 9.0.1
  • 5d3bf7a Merge pull request #176 from postcss/switch-to-github-workflows
  • 22e8c3a Switch to github workflow for testing
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump js-yaml, cssnano and gulp-postcss
cc5bfac 
Removes [js-yaml](https://github.com/nodeca/js-yaml). It's no longer used after updating ancestor dependencies [js-yaml](https://github.com/nodeca/js-yaml), [cssnano](https://github.com/cssnano/cssnano) and [gulp-postcss](https://github.com/postcss/gulp-postcss). These dependencies need to be updated together.


Removes `js-yaml`

Updates `cssnano` from 4.1.10 to 7.1.2
- [Release notes](https://github.com/cssnano/cssnano/releases)
- [Commits](https://github.com/cssnano/cssnano/compare/v4.1.10...cssnano@7.1.2)

Updates `gulp-postcss` from 8.0.0 to 10.0.0
- [Release notes](https://github.com/postcss/gulp-postcss/releases)
- [Commits](postcss/gulp-postcss@8.0.0...10.0.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 
  dependency-type: indirect
- dependency-name: cssnano
  dependency-version: 7.1.2
  dependency-type: direct:development
- dependency-name: gulp-postcss
  dependency-version: 10.0.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Nov 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant