[Security] Bump @adobe/css-tools from 4.3.1 to 4.3.2 (!102) · Merge requests · Incubateur des territoires - ANCT / Services numériques / Données et Territoires / catalogue-indicateurs

DependabotCatalogueIndicateurs requested to merge dependabot-npm_and_yarn-adobe-css-tools-4.3.2 into develop Dec 01, 2023

Bumps @adobe/css-tools from 4.3.1 to 4.3.2. This update includes a security fix.

Vulnerabilities fixed

@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity

Impact

@adobe/css-tools version 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.

Patches

The issue has been resolved in 4.3.2.

Workarounds

None

References

N/A

Patched versions: 4.3.2 Affected versions: < 4.3.2

Changelog

Sourced from @adobe/css-tools's changelog.

4.3.2 / 2023-11-28

Fix redos vulnerability with specific crafted css string - CVE-2023-48631

Fix Problem parsing with :is() and nested :nth-child() #211

Commits

See full diff in compare view

[Security] Bump @adobe/css-tools from 4.3.1 to 4.3.2

Impact

Patches

Workarounds

References

4.3.2 / 2023-11-28

Merge request reports