node-postcss (8.2.1+~cs5.3.23-8+deb11u1) bullseye-security; urgency=medium

  * Team upload
  * Fix CVE-2021-23566: Nanoid was vulnerable to Information
    Exposure via the valueOf() function which allows to
    reproduce the last id generated.
  * Fix CVE-2023-44270 (Closes: #1053282)
    The vulnerability affects linters
    using PostCSS to parse external untrusted CSS.
    An attacker can prepare CSS in such a way that it will
    contains parts parsed by PostCSS as a CSS comment.
    After processing by PostCSS, it will be included in
    the PostCSS output in CSS nodes (rules, properties)
    despite being included in a comment.
  * Fix CVE-2024-55565:
    nanoid (aka Nano ID) a subcomponent of this package
    mishandles non-integer values that could lead to DoS
    by infinite loop.

 -- Bastien Roucariès <rouca@debian.org>  Thu, 26 Dec 2024 21:48:59 +0000

node-postcss (8.2.1+~cs5.3.23-8) unstable; urgency=medium

  * Team upload
  * Add missing `set -e` in security test

 -- Yadd <yadd@debian.org>  Thu, 29 Apr 2021 10:44:29 +0200

node-postcss (8.2.1+~cs5.3.23-7) unstable; urgency=medium

  * Team upload
  * Fix ReDoS (Closes: CVE-2021-23382)
  * Add autopkgtest files for CVE-2021-23368 and CVE-2021-23382

 -- Yadd <yadd@debian.org>  Thu, 29 Apr 2021 10:24:48 +0200

node-postcss (8.2.1+~cs5.3.23-6) unstable; urgency=medium

  * Team upload
  * Fix ReDoS vulnerability (Closes: CVE-2021-23368)

 -- Yadd <yadd@debian.org>  Wed, 14 Apr 2021 21:43:54 +0200

node-postcss (8.2.1+~cs5.3.23-5) unstable; urgency=medium

  * Update Breaks: node-css-loader (<< 5.0.1+~cs14.0.5-1~)

 -- Pirate Praveen <praveen@debian.org>  Wed, 30 Dec 2020 13:43:52 +0530

node-postcss (8.2.1+~cs5.3.23-4) unstable; urgency=medium

  * Add Breaks: node-postcss-reporter (<< 7.0~)

 -- Pirate Praveen <praveen@debian.org>  Sat, 26 Dec 2020 20:33:28 +0530

node-postcss (8.2.1+~cs5.3.23-3) unstable; urgency=medium

  * Add Breaks node-autoprefixer (<< 10.0~)

 -- Pirate Praveen <praveen@debian.org>  Sat, 26 Dec 2020 17:20:13 +0530

node-postcss (8.2.1+~cs5.3.23-2) unstable; urgency=medium

  * Add Breaks against packages that need a newver version
  * Bump Standards-Version to 4.5.1 (no changes needed)

 -- Pirate Praveen <praveen@debian.org>  Thu, 24 Dec 2020 22:23:01 +0530

node-postcss (8.2.1+~cs5.3.23-1) experimental; urgency=medium

  * Use ctype=nodejs and checksum options for components
  * New upstream version 8.2.1+~cs5.3.23

 -- Pirate Praveen <praveen@debian.org>  Sat, 19 Dec 2020 22:28:27 +0530

node-postcss (8.0.5-1) experimental; urgency=medium

  * New upstream version 8.0.5
  * Upstream supports node without transpiling so remove build steps
  * Drop unused embedded modules
  * Update copyright and dependencies
  * Embed colorette, line-column and nanoid
  * Install embedded modules in nodejs root

 -- Pirate Praveen <praveen@debian.org>  Mon, 28 Sep 2020 14:46:25 +0530

node-postcss (7.0.34-1) unstable; urgency=medium

  * New upstream version 7.0.34

 -- Pirate Praveen <praveen@debian.org>  Sun, 20 Sep 2020 02:31:47 +0530

node-postcss (7.0.17-4) unstable; urgency=medium

  * Revert "Replace add-module-exports plugin with babel 7 version"

 -- Pirate Praveen <praveen@debian.org>  Sun, 10 May 2020 13:37:34 +0530

node-postcss (7.0.17-3) unstable; urgency=medium

  * Replace add-module-exports plugin with babel 7 version
    (@babel/plugin-proposal-export-default-from)

 -- Pirate Praveen <praveen@debian.org>  Sat, 09 May 2020 21:52:34 +0530

node-postcss (7.0.17-2) unstable; urgency=medium

  * Drop node-babel-plugin-precompile-charcodes from build deps

 -- Pirate Praveen <praveen@debian.org>  Fri, 08 May 2020 19:07:53 +0530

node-postcss (7.0.17-1) unstable; urgency=medium

  * New upstream version 7.0.17
  * Build with babel 7 (Closes: #958777, #959616)
  * Add work around to replace gulp:compile with babeljs-7 command

 -- Pirate Praveen <praveen@debian.org>  Mon, 04 May 2020 14:02:22 +0530

node-postcss (6.0.23-3) unstable; urgency=medium

  * Team upload
  * Replace deprecated run-sequence by gulp.series()

 -- Xavier Guimard <yadd@debian.org>  Mon, 23 Mar 2020 15:30:29 +0100

node-postcss (6.0.23-2) unstable; urgency=medium

  * Team upload
  * Bump debhelper compatibility level to 12
  * Declare compliance with policy 4.5.0
  * Add "Rules-Requires-Root: no"
  * Add debian/gbp.conf
  * Add upstream/metadata
  * Use pkg-js-tools auto install
  * Fix build for gulp 4 (Closes: #954708, #929811)
  * Update copyright

 -- Xavier Guimard <yadd@debian.org>  Mon, 23 Mar 2020 08:55:44 +0100

node-postcss (6.0.23-1) unstable; urgency=medium

  * New upstream version 6.0.23
  * Use salsa.debian.org in Vcs-* fields
  * Bump Standards-Version to 4.2.1 (no changes needed)
  * Bump debhelper compatibility level to 11

 -- Pirate Praveen <praveen@debian.org>  Sat, 10 Nov 2018 20:55:01 +0530

node-postcss (6.0.16-1) unstable; urgency=medium

  * New upstream release
  * Embed new build dependencies
  * Use gulp directly to build

 -- Pirate Praveen <praveen@debian.org>  Fri, 19 Jan 2018 17:32:23 +0530

node-postcss (6.0.11-2) unstable; urgency=medium

  * Move to main, all dependencies are in archive now
  * babel command is now babeljs

 -- Pirate Praveen <praveen@debian.org>  Thu, 19 Oct 2017 22:30:06 +0530

node-postcss (6.0.11-1) unstable; urgency=low

  * Initial release (Closes: #874668)

 -- Pirate Praveen <praveen@debian.org>  Fri, 08 Sep 2017 20:19:05 +0530