
[Security] Bump @adobe/css-tools from 4.3.1 to 4.3.2

Bumps @adobe/css-tools from 4.3.1 to 4.3.2. This update includes a security fix.

Vulnerabilities fixed

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact

@adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Patches

The issue has been resolved in 4.3.2.

Workarounds

None

References

N/A

Patched versions: 4.3.2

Affected versions: < 4.3.2

Changelog

Sourced from @adobe/css-tools's changelog.

4.3.2 / 2023-11-28

  • Fix redos vulnerability with specific crafted css string - CVE-2023-48631
  • Fix Problem parsing with :is() and nested :nth-child() #211