[Security] Bump @adobe/css-tools from 4.0.1 to 4.3.1 in /assets
Bumps @adobe/css-tools from 4.0.1 to 4.3.1. This update includes a security fix.
Vulnerabilities fixed
@adobe/css-tools
Regular Expression Denial of Service (ReDOS) while Parsing CSSImpact
@adobe/css-tools
version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.Patches
The issue has been resolved in 4.3.1.
Workarounds
None
References
N/A
Patched versions: 4.3.1 Affected versions: < 4.3.1
Changelog
Sourced from @adobe/css-tools
's changelog.
4.3.1 / 2023-03-14
- Fix redos vulnerability with specific crafted css string - CVE-2023-26364
4.3.0 / 2023-03-07
- Update build tools
- Update exports path and files
4.2.0 / 2023-02-21
- Add
@container
support- Add
@layer
support4.1.0 / 2023-01-25
- Support ESM Modules
4.0.2 / 2023-01-12
Commits
- See full diff in compare view