[Snyk] Upgrade postcss from 8.4.8 to 8.4.49

[X-oss-byte]

Snyk has created this PR to upgrade postcss from 8.4.8 to 8.4.49.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 41 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Input Validation SNYK-JS-POSTCSS-5926692	479	No Known Exploit

Release notes

Package name: postcss

• 8.4.49 - 2024-11-11
  
  • Fixed custom syntax without source.offset (by @ romainmenke).
• 8.4.48 - 2024-11-10
  
  • Fixed position calculation in error/warnings methods (by @ romainmenke).
• 8.4.47 - 2024-09-14
  
  • Removed debug code.
• 8.4.46 - 2024-09-14
  
  • Fixed Cannot read properties of undefined (reading 'before').
• 8.4.45 - 2024-09-04
  
  • Removed unnecessary fix which could lead to infinite loop.
• 8.4.44 - 2024-09-02
  
  • Another way to fix markClean is not a function error.
• 8.4.43 - 2024-09-01
  
  • Fixed markClean is not a function error.
• 8.4.42 - 2024-08-31
  
  • Fixed CSS syntax error on long minified files (by @ varpstar).
• 8.4.41 - 2024-08-05
  
  • Fixed types (by @ nex3 and @ querkmachine).
  • Cleaned up RegExps (by @ bluwy).
• 8.4.40 - 2024-07-24
  
  • Moved to getter/setter in nodes types to help Sass team (by @ nex3).
• 8.4.39 - 2024-06-29
• 8.4.38 - 2024-03-20
• 8.4.37 - 2024-03-19
• 8.4.36 - 2024-03-17
• 8.4.35 - 2024-02-07
• 8.4.34 - 2024-02-05
• 8.4.33 - 2024-01-04
• 8.4.32 - 2023-12-02
• 8.4.31 - 2023-09-28
• 8.4.30 - 2023-09-18
• 8.4.29 - 2023-08-29
• 8.4.28 - 2023-08-15
• 8.4.27 - 2023-07-21
• 8.4.26 - 2023-07-13
• 8.4.25 - 2023-07-06
• 8.4.24 - 2023-05-28
• 8.4.23 - 2023-04-19
• 8.4.22 - 2023-04-16
• 8.4.21 - 2023-01-06
• 8.4.20 - 2022-12-11
• 8.4.19 - 2022-11-10
• 8.4.18 - 2022-10-12
• 8.4.17 - 2022-09-30
• 8.4.16 - 2022-08-06
• 8.4.15 - 2022-08-06
• 8.4.14 - 2022-05-18
• 8.4.13 - 2022-04-30
• 8.4.12 - 2022-03-16
• 8.4.11 - 2022-03-15
• 8.4.10 - 2022-03-15
• 8.4.9 - 2022-03-15
• 8.4.8 - 2022-03-07

from postcss GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Build:

• Upgrade postcss dependency from version 8.4.8 to 8.4.49 in package.json.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 2d3fb3f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

Reviewer's Guide by Sourcery

This PR upgrades the postcss dependency from version 8.4.8 to 8.4.49 to address a medium severity security vulnerability (Improper Input Validation - SNYK-JS-POSTCSS-5926692). The upgrade spans 41 versions and includes various bug fixes and improvements.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Update postcss dependency version in package configuration files	Update postcss version from ^8.0.0 to ^8.4.49 in package.json Update corresponding package-lock.json to reflect the new version	lib/modules/manager/npm/post-update/__fixtures__/update-lockfile-massage-1/package.json lib/modules/manager/npm/post-update/__fixtures__/update-lockfile-massage-1/package-lock.json
Security vulnerability fix implementation	Address medium severity Improper Input Validation vulnerability (SNYK-JS-POSTCSS-5926692) Implement fixes for custom syntax handling and position calculation in error/warnings methods Include various bug fixes and improvements from intermediate versions	lib/modules/manager/npm/post-update/__fixtures__/update-lockfile-massage-1/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!