Skip to content

Bump postcss and next in /web#3

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/multi-e1ec9ed1d3
Open

Bump postcss and next in /web#3
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/web/multi-e1ec9ed1d3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown

Bumps postcss to 8.5.15 and updates ancestor dependency next. These dependencies need to be updated together.

Updates postcss from 8.4.31 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

8.5.2

8.5.1

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

  • Fixed declaration parsing performance (by @​homanp).

8.5.14

8.5.13

  • Fixed postcss-scss commend regression.

8.5.12

  • Fixed reading any file via user-generated CSS.
  • Added opts.unsafeMap to disable checks.

8.5.11

  • Fixed nested brackets parsing performance (by @​offset).

8.5.10

  • Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

  • Speed up source map encoding paring in case of the error.

8.5.8

  • Fixed Processor#version.

8.5.7

  • Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

  • Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

  • Fixed package.jsonexports compatibility with some tools (by @​JounQin).

8.5.4

8.5.3

... (truncated)

Commits
  • eae46db Release 8.5.15 version
  • 79508ff Update CI actions
  • b128e21 Speed up declaration parsing by avoiding creating new array on each token
  • 9825dca Fix code format
  • 55789c8 Update dependencies
  • 84fbbe9 Install older pnpm action for old Node.js
  • 9f860bd Revert pnpm action for old Node.js
  • 0877198 Update CI actions
  • b2d1a33 Fix linter warnings
  • 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
  • Additional commits viewable in compare view

Updates next from 16.2.7 to 16.3.0-preview.0

Release notes

Sourced from next's releases.

v16.3.0-canary.46

Misc Changes

  • docs: clarify next-env.d.ts regeneration: #94232
  • docs: add updateTag example to cacheTag page: #94508
  • Remove experimental.useNodeStreams flag as it's enabled: #93938
  • Remove dead cacheComponents web streams path: #93944
  • [ci] Disable on-call notification if manual deploy e2e tests failed: #94554
  • Reduce new test concurrency to five: #94552
  • fix(dev-overlay): Tidy up issues/insight menu and tab overlay: #94549
  • [turbopack] Remove WebAssembly helpers from the default runtime: #94373
  • docs: clarify use cache persistence across deploys: #93554
  • enable eviction by default: #94452
  • docs: fix onRequestError error type example: #94518
  • docs: move insight error pages from vercel/front to canary: #94564

Credits

Huge thanks to @​SJvaca30, @​aurorascharff, @​timneutkens, @​eps1lon, @​sampoder, @​icyJoseph, @​lukesandberg, and @​danyalahmed1995 for helping!

v16.3.0-canary.45

Misc Changes

  • [turbopack] standardize chunk entry names for webpack and postcss loaders: #94256
  • Add global config to enable Partial Prefetching: #94448
  • Fix: Subtree hints not propagating correctly: #94489
  • Partial Prefetching: Default to App Shell only: #94510
  • Turbopack: refactor into get_next_client_transforms_rules: #94487
  • [cna] Use allowBuilds instead of ignoredBuiltDependencies when using PNPM 11+: #94544
  • Turbopack: content hash polyfill sourcemap file: #94548

Credits

Huge thanks to @​lukesandberg, @​acdlite, @​mischnic, and @​eps1lon for helping!

v16.3.0-canary.44

Misc Changes

  • Turbopack: remove EcmascriptParsable::parse_original: #94465
  • Turbopack: Add an experimental option for eviction: #94439
  • Specialize client hook prerender abort reasons: #94494
  • enable eviction on canary: #94451
  • Remove turbopackMemoryLimit it is dead: #94483
  • [turbopack] Enable Effects to be evicted: #94173

Credits

Huge thanks to @​lukesandberg and @​gnoff for helping!

v16.3.0-canary.43

... (truncated)

Commits
  • db6f864 v16.3.0-preview.0
  • 3b0746d [16.3.x-preview] Setup release branch (#94594)
  • a1c695a [turbopack] add an extension to trace files (#94587)
  • ea74495 disallow reads from .next-profiles (#94570)
  • 554a1e3 Fix Navigation Inspector Continue Rendering with loading.tsx (#94355)
  • 5b99d26 instant: polish client-hook overlay wording, cards, and docs links (#94496)
  • 6f4d94a Stream Cache Components dev render instead of restarting on cache miss (#94457)
  • 1e601b6 docs: add pnpm installation step to module-not-found error page (#93773)
  • ca2a022 docs: fix 'time zone' spelling in FOUC guide (#93244)
  • 4228478 Fix node:stream leak in webpack edge bundles (#94585)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [postcss](https://github.com/postcss/postcss) to 8.5.15 and updates ancestor dependency [next](https://github.com/vercel/next.js). These dependencies need to be updated together.


Updates `postcss` from 8.4.31 to 8.5.15
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.31...8.5.15)

Updates `next` from 16.2.7 to 16.3.0-preview.0
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v16.2.7...v16.3.0-preview.0)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
- dependency-name: next
  dependency-version: 16.3.0-preview.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants