Build(deps-dev): [Security] Bump @adobe/css-tools from 4.3.1 to 4.3.2 in /ui (!795) · Merge requests · Données et territoires / insitu

Ronan Amicel requested to merge dependabot-npm_and_yarn-ui-adobe-css-tools-4.3.2 into main Dec 01, 2023

Bumps @adobe/css-tools from 4.3.1 to 4.3.2. This update includes a security fix.

Vulnerabilities fixed

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact

@adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Patches

The issue has been resolved in 4.3.2.

Workarounds

None

References

N/A

Patched versions: 4.3.2 Affected versions: < 4.3.2

Changelog

Sourced from @adobe/css-tools's changelog.

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

Commits

See full diff in compare view

Build(deps-dev): [Security] Bump @adobe/css-tools from 4.3.1 to 4.3.2 in /ui

Impact

Patches

Workarounds

References

4.3.2 / 2023-11-28

Merge request reports