Bump postcss, css-loader, optimize-css-assets-webpack-plugin, postcss-import, postcss-loader and postcss-preset-env

[dependabot]

Bumps postcss to 8.5.15 and updates ancestor dependencies postcss, css-loader, optimize-css-assets-webpack-plugin, postcss-import, postcss-loader and postcss-preset-env. These dependencies need to be updated together.

Updates postcss from 7.0.14 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.15

• Fixed declaration parsing performance (by @​homanp).

8.5.14

• Fixed custom syntax regression (by @​43081j).

8.5.13

• Fixed postcss-scss commend regression.

8.5.12

• Fixed reading any file via user-generated CSS.
• Added opts.unsafeMap to disable checks.

8.5.11

• Fixed nested brackets parsing performance (by @​offset).

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

... (truncated)

Commits

• eae46db Release 8.5.15 version
• 79508ff Update CI actions
• b128e21 Speed up declaration parsing by avoiding creating new array on each token
• 9825dca Fix code format
• 55789c8 Update dependencies
• 84fbbe9 Install older pnpm action for old Node.js
• 9f860bd Revert pnpm action for old Node.js
• 0877198 Update CI actions
• b2d1a33 Fix linter warnings
• 0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
• Additional commits viewable in compare view

Updates css-loader from 3.0.0 to 7.1.4

Release notes

Sourced from css-loader's releases.

v7.1.4

7.1.4 (2026-02-16)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#1652) (aeddefe)

v7.1.3

7.1.3 (2026-01-27)

Bug Fixes

• allow to use module class name (#1649) (01869bc)
• use official createHash for hashes (#1618) (06587e5)
• use official hash* options for hashes (#1619) (9544c3e)

v7.1.2

7.1.2 (2024-05-22)

Bug Fixes

• keep order of @imports with the webpackIgnore comment (#1600) (76757ef)

v7.1.1

7.1.1 (2024-04-10)

Bug Fixes

• automatically rename class default to _default when named export is enabled (#1590) (d6c31a1)

v7.1.0

7.1.0 (2024-04-08)

Features

• added the getJSON option to output CSS modules mapping (#1577) (af834b4)

v7.0.0

7.0.0 (2024-04-04)

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

... (truncated)

Changelog

Sourced from css-loader's changelog.

7.1.4 (2026-02-16)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#1652) (aeddefe)

7.1.3 (2026-01-27)

Bug Fixes

• allow to use module class name (#1649) (01869bc)
• use official createHash for hashes (#1618) (06587e5)
• use official hash* options for hashes (#1619) (9544c3e)

7.1.2 (2024-05-22)

Bug Fixes

• keep order of @imports with the webpackIgnore comment (#1600) (76757ef)

7.1.1 (2024-04-10)

Bug Fixes

• automatically rename class default to _default when named export is enabled (#1590) (d6c31a1)

7.1.0 (2024-04-08)

Features

• added the getJSON option to output CSS modules mapping (#1577) (af834b4)

7.0.0 (2024-04-04)

⚠ BREAKING CHANGES

• The modules.namedExport option is true by default if you enable the esModule option

Migration guide:

Before:

import style from "./style.css";
</tr></table> 

... (truncated)

Commits

• 5b795af chore(release): 7.1.4
• aeddefe fix: update peer dependency for @​rspack/core v2 (#1652)
• b2b2de7 chore(release): 7.1.3
• 01869bc fix: allow to use module class name (#1649)
• 7dd15ec chore(deps): bump js-yaml (#1648)
• db26202 chore(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1647)
• 7daf1b8 Update CONTRIBUTING link to point to GitHub page
• de1e633 chore: correct link path (#1645)
• 563ad63 chore: migrate from contrib and swap branches (#1644)
• e68bf7e chore: update github actions/checkout from v4 to v5 (#1642)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates optimize-css-assets-webpack-plugin from 5.0.1 to 6.0.1

Commits

• e896b97 6.0.1
• 24ed912 fix: cve in dependencies
• 29c44fb 6.0.0
• 51313e4 feat(deps): upgrade cssnano and postcss major version
• 3e6a04c 5.0.6
• 9567391 fix: previous version breaking changes (#156)
• 09d29b3 5.0.5
• d0a7da7 feat(deps): update dependencies (#154)
• 41d1e23 Redirect to css-minimizer-webpack-plugin for webpack 5 or above
• e9b84f1 5.0.4
• Additional commits viewable in compare view

Updates postcss-import from 12.0.1 to 16.1.1

Release notes

Sourced from postcss-import's releases.

14.0.0 / 2020-12-14

This release should not have breaking changes for the vast majority of users; only those with @charset statements in their CSS may be affected.

• BREAKING: Error if multiple incompatible @charset statements (#447)
• BREAKING: Warn if @charset statements are not at the top of files (#447)
• Fix handing of @charset (#436, #447)

13.0.0 / 2020-10-20

• BREAKING: Require Node 10+ (#429)
• BREAKING: Upgrade to postcss v8 and require it as a peerDependency (#427, #432)
• Update dependencies

Changelog

Sourced from postcss-import's changelog.

16.1.1 / 2025-06-17

• Fix incorrect cascade layer order when some resources can not be inlined (#567, #574)

16.1.0 / 2024-03-20

• Allow bundling URLs with fragments (useful for Vite users) (#560, #561)

16.0.1 / 2024-02-14

• Fix crash when handling some @imports with media conditions (#557, #558)

16.0.0 / 2024-01-02

• BREAKING: Require Node.js v18+ (#550, #551)
• BREAKING: Signifigant rewrite, with small behavioral tweaks in a number of edge cases
• Support for @supports conditional imports added (#532, #548)
• When skipDuplicates is false, handles import cycles correctly (#462, #535)
• Add warnOnEmpty option to allow disabling warnings for empty files (#84, #541)
• Use proper node.errors (#518, #540)

Huge thanks to @romainmenke for all the hard work he put into this release.

15.1.0 / 2022-12-07

• Add data: URL support (this is not useful for most consumers) (#515)

15.0.1 / 2022-12-01

• Preserve layer in ignored @imports (#510, #511)
• Join media queries in the correct order (#512, #513)

15.0.0 / 2022-08-30

• BREAKING: Require Node.js v14+ (#497)
• BREAKING: Require nameLayer option for handling anonymous layers (#496)
• Fix handling of @media queries inside layered imports (#495, #496)

14.1.0 / 2022-03-22

• Add @layer support (#483)

14.0.2 / 2021-05-10

• Remove remaining direct import of postcss package (#455, #456)

14.0.1 / 2021-03-31

• Fix bug with @charset statements in media imports (#448, #453)

... (truncated)

Commits

• 4ae9894 16.1.1
• a3f3889 Test on modern Node versions (#577)
• 10325fc Upgrade eslint & config; use flat config (#576)
• 9227642 Migrate config renovate.json (#575)
• 2544155 Update dependency prettier to ~3.5.0 (#572)
• 83108aa Fix incorrect cascade layer order when some resources can not be inlined (#574)
• cad0022 Update dependency sugarss to v5 (#568)
• 32deb08 Update dependency c8 to v10 (#565)
• d43ca15 Update dependency prettier to ~3.4.0 (#569)
• 9af465e Update dependency prettier to ~3.3.0 (#564)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by romainmenke, a new releaser for postcss-import since your current version.

Updates postcss-loader from 3.0.0 to 8.2.1

Release notes

Sourced from postcss-loader's releases.

v8.2.1

8.2.1 (2026-02-15)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#717) (a3ed7e2)

v8.2.0

8.2.0 (2025-09-01)

Features

• update jiti from v1 to v2 (9c74974)

v8.1.1

8.1.1 (2024-02-28)

Bug Fixes

• respect default when loading postcss esm configs (52d8050)

v8.1.0

8.1.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#679) (512e4c3)

v8.0.0

8.0.0 (2024-01-16)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#677) (8dd0315)

v7.3.4

7.3.4 (2023-12-27)

Bug Fixes

• do not crash if pkg.(d|devD)ependencies unset (#667) (8ef0c7e)

v7.3.3

7.3.3 (2023-06-10)

... (truncated)

Changelog

Sourced from postcss-loader's changelog.

8.2.1 (2026-02-15)

Bug Fixes

• update peer dependency for @​rspack/core v2 (#717) (a3ed7e2)

8.2.0 (2025-09-01)

Features

• update jiti from v1 to v2 (9c74974)

8.1.1 (2024-02-28)

Bug Fixes

• respect default when loading postcss esm configs (52d8050)

8.1.0 (2024-01-30)

Features

• add @rspack/core as an optional peer dependency (#679) (512e4c3)

8.0.0 (2024-01-16)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 18.12.0 (#677) (8dd0315)

7.3.4 (2023-12-27)

Bug Fixes

• do not crash if pkg.(d|devD)ependencies unset (#667) (8ef0c7e)

7.3.3 (2023-06-10)

Bug Fixes

• perf: avoid using klona for postcss options (#658) (e754c3f)
• bug with loading configurations after updating cosmiconfig to version 8.2 (684d265)

... (truncated)

Commits

• 583677e chore(release): 8.2.1
• a3ed7e2 fix: update peer dependency for @​rspack/core v2 (#717)
• c984ff4 test: fix (#715)
• cc01d2b ci: fix
• d4faa34 docs: update contributing
• b1e4fa5 chore: correct link (#713)
• d990168 chore: migration to main org and branch (#712)
• 522a07d chore(release): 8.2.0
• 9c74974 feat: update jiti from v1 to v2
• 5a781e5 chore: update github actions/checkout from v4 to v5 (#709)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for postcss-loader since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Updates postcss-preset-env from 6.6.0 to 11.3.0

Changelog

Sourced from postcss-preset-env's changelog.

11.3.0

May 13, 2026

• Added @csstools/postcss-container-rule-prelude-list Check the plugin README for usage details.
• Added @csstools/postcss-image-function Check the plugin README for usage details.
• Updated cssdb to 8.9.0

11.2.1

April 12, 2026

• Updated @csstools/css-color-parser to 4.1.0 (minor)
• Updated @csstools/css-calc to 3.2.0 (minor)

11.2.0

February 21, 2026

• Added @csstools/postcss-font-width-property Check the plugin README for usage details.
• Updated cssdb to 8.8.0

11.1.3

February 6, 2026

• Updated @csstools/postcss-text-decoration-shorthand to 5.0.2 (patch)

11.1.2

January 25, 2026

• Updated @csstools/postcss-normalize-display-values to 5.0.1 (patch)
• Updated @csstools/color-helpers to 6.0.1 (patch)

11.1.1

January 15, 2026

• Updated @csstools/postcss-alpha-function to 2.0.1 (patch)

11.1.0

January 14, 2026

• Added @csstools/postcss-mixins Check the plugin README for usage details.
• Updated cssdb to 8.7.0

11.0.1

... (truncated)

Commits

• See full diff in compare view

Maintainer changes

This version was pushed to npm by romainmenke, a new releaser for postcss-preset-env since your current version.