Bump postcss, stylelint, stylelint-config-mirego and stylelint-order

[dependabot]

Bumps postcss, stylelint, stylelint-config-mirego and stylelint-order. These dependencies needed to be updated together.
Updates postcss from 8.4.31 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

PostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.

@​romainmenke during his work on Stylelint added Input#document in additional to Input#css.

root.source.input.document //=> "<p>Hello</p>
                           //    <style>
                           //    p {
                           //      color: green;
                           //    }
                           //    </style>"
root.source.input.css      //=> "p {
                           //      color: green;
                           //    }"
</tr></table>

... (truncated)

Changelog

Sourced from postcss's changelog.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

8.5.9

• Speed up source map encoding paring in case of the error.

8.5.8

• Fixed Processor#version.

8.5.7

• Improved source map annotation cleaning performance (by CodeAnt AI).

8.5.6

• Fixed ContainerWithChildren type discriminating (by @​Goodwine).

8.5.5

• Fixed package.json→exports compatibility with some tools (by @​JounQin).

8.5.4

• Fixed Parcel compatibility issue (by @​git-sumitchaudhary).

8.5.3

• Added more details to Unknown word error (by @​hiepxanh).
• Fixed types (by @​romainmenke).
• Fixed docs (by @​catnipan).

8.5.2

• Fixed end position of rules with semicolon (by @​romainmenke).

8.5.1

• Fixed backwards compatibility for complex cases (by @​romainmenke).

8.5 “Duke Alloces”

• Added Input#document for sources like CSS-in-JS or HTML (by @​romainmenke).

8.4.49

• Fixed custom syntax without source.offset (by @​romainmenke).

... (truncated)

Commits

• 33b9790 Release 8.5.10 version
• 536c79e Escape </style> in CSS output (#2074)
• afa96b2 Update dependencies (#2073)
• effe88b Typo (#2072)
• 3ee79a2 Thread model (#2071)
• 2e0683d Create incident response docs (#2070)
• fe88ac2 Release 8.5.9 version
• c551632 Avoid RegExp when we can use simple JS
• 89a6b74 Move SECURITY.txt for docs folder to keep GitHub page cleaner
• 6ceb8a4 Create SECURITY.md
• Additional commits viewable in compare view

Updates stylelint from 13.13.1 to 17.9.0

Release notes

Sourced from stylelint's releases.

17.9.0

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

• Added: experimental referenceFiles to configuration object (#9179) (@​jeddy3).
• Added: experimental abortSignal option to Node.js API for cancellation support (#9213) (@​adalinesimonian).
• Added: maxWarnings to configuration object (#9181) (@​mrginglymus).

17.8.0

It adds 3 new rules and 1 configuration property.

• Added: languageOptions.directionality configuration property (#8687) (@​sw1tch3roo).
• Added: property-layout-mappings rule (#8687) (@​sw1tch3roo).
• Added: relative-selector-nesting-notation rule (#8730) (@​sw1tch3roo).
• Added: selector-no-deprecated rule (#8694) (@​immitsu).

17.7.0

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

• Fixed: clarity of problem messages (#9199) (@​jeddy3).
• Fixed: --print-config CLI flag to hide internal properties (#9194) (@​ybiquitous).
• Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@​immitsu).
• Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@​romainmenke).

17.6.0

It adds support for extending units in languageOptions, which then apply to rules like declaration-property-value-no-unknown, and fixes 2 bugs.

• Added: support for extending units to languageOptions (#9166) (@​jeddy3).
• Fixed: missing ruleMetadata when linting multiple files with overrides (#9154) (@​kovsu).
• Fixed: custom-property-no-missing-var-function false positives for timeline-scope and animation-timeline (#9164) (@​splincode).

17.5.0

It deprecates two rule options, adds 1 rule option and fixes 7 bugs. We've also released 2.1.0 of our VS Code extension, which adds 8 new requested features, and our first release of the Stylelint Language Server.

• Deprecated: *syntax options from declaration-property-value-no-unknown (#9102) (@​ragini-pandey).
• Added: ignoreMediaFeatureNameValues: {} to media-feature-name-value-no-unknown (#8976) (@​kovsu).
• Fixed: node_modules not ignored when using codeFilename in Node.js API (#9130) (@​adalinesimonian).
• Fixed: Error TS7016 for imported css-tree types (#9133) (@​ragini-pandey).
• Fixed: declaration-property-value-keyword-no-deprecated false positives for function arguments (#9116) (@​ragini-pandey).
• Fixed: declaration-property-value-no-unknown false positives for calc-size() containing size keyword (#9105) (@​hriztam).
• Fixed: no-descending-specificity & no-duplicate-selectors false negatives for equivalent compound selectors (#8977) (@​kovsu).
• Fixed: no-invalid-position-declaration false positives for @mixin and @scope (#9120) (@​ragini-pandey).
• Fixed: property-no-unknown false negatives for types (#9117) (@​Mouvedia).

17.4.0

It adds 2 options to the rules and fixes 7 bugs.

• Added: ignoreAtRules: [] to at-rule-no-vendor-prefix (#9096) (@​theacrat).
• Added: ignoreMediaFeatureNames: [] to media-feature-name-no-vendor-prefix (#9097) (@​theacrat).
• Fixed: performance of selector cloning rules (#9089) (@​jeddy3).
• Fixed: *-empty-line-before performance (#9092) (@​jeddy3).

... (truncated)

Changelog

Sourced from stylelint's changelog.

17.9.0 - 2026-04-23

It adds 3 new features. Adding the referenceFiles property to your configuration object makes the no-unknown-animations, no-unknown-custom-media and no-unknown-custom-properties rules more useful.

• Added: experimental referenceFiles to configuration object (#9179) (@​jeddy3).
• Added: experimental abortSignal option to Node.js API for cancellation support (#9213) (@​adalinesimonian).
• Added: maxWarnings to configuration object (#9181) (@​mrginglymus).

17.8.0 - 2026-04-15

It adds 3 new rules and 1 configuration property.

• Added: languageOptions.directionality configuration property (#8687) (@​sw1tch3roo).
• Added: property-layout-mappings rule (#8687) (@​sw1tch3roo).
• Added: relative-selector-nesting-notation rule (#8730) (@​sw1tch3roo).
• Added: selector-no-deprecated rule (#8694) (@​immitsu).

17.7.0 - 2026-04-12

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

• Fixed: clarity of problem messages (#9199) (@​jeddy3).
• Fixed: --print-config CLI flag to hide internal properties (#9194) (@​ybiquitous).
• Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@​immitsu).
• Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@​romainmenke).

17.6.0 - 2026-03-26

It adds support for extending units in languageOptions, which then apply to rules like declaration-property-value-no-unknown, and fixes 2 bugs.

• Added: support for extending units to languageOptions (#9166) (@​jeddy3).
• Fixed: missing ruleMetadata when linting multiple files with overrides (#9154) (@​kovsu).
• Fixed: custom-property-no-missing-var-function false positives for timeline-scope and animation-timeline (#9164) (@​splincode).

17.5.0 - 2026-03-19

It deprecates two rule options, adds 1 rule option and fixes 7 bugs. We've also released 2.1.0 of our VS Code extension, which adds 8 new requested features, and our first release of the Stylelint Language Server.

• Deprecated: *syntax options from declaration-property-value-no-unknown (#9102) (@​ragini-pandey).
• Added: ignoreMediaFeatureNameValues: {} to media-feature-name-value-no-unknown (#8976) (@​kovsu).
• Fixed: node_modules not ignored when using codeFilename in Node.js API (#9130) (@​adalinesimonian).
• Fixed: Error TS7016 for imported css-tree types (#9133) (@​ragini-pandey).
• Fixed: declaration-property-value-keyword-no-deprecated false positives for function arguments (#9116) (@​ragini-pandey).
• Fixed: declaration-property-value-no-unknown false positives for calc-size() containing size keyword (#9105) (@​hriztam).
• Fixed: no-descending-specificity & no-duplicate-selectors false negatives for equivalent compound selectors (#8977) (@​kovsu).
• Fixed: no-invalid-position-declaration false positives for @mixin and @scope (#9120) (@​ragini-pandey).
• Fixed: property-no-unknown false negatives for types (#9117) (@​Mouvedia).

17.4.0 - 2026-02-25

... (truncated)

Commits

• cee404b Release 17.9.0 (#9242)
• b0af5ae Bump prettier from 3.8.1 to 3.8.3 (#9240)
• e2c2c43 Bump eslint-plugin-jest from 29.15.1 to 29.15.2 in the eslint group (#9239)
• 68d008e Bump @​csstools/css-syntax-patches-for-csstree from 1.1.2 to 1.1.3 in the csst...
• 5ad7ffb Bump @​csstools/css-calc from 3.1.1 to 3.2.0 in the csstools-parser group (#9237)
• f16ef5e Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#9235)
• a0b3c5a Bump actions/github-script from 8.0.0 to 9.0.0 (#9236)
• fb2efec Add abortSignal option to Node.js API for cancellation support (#9213)
• 84f2c6b Document Netlify hosting badge (#9218)
• 5b45245 Add maxWarnings to configuration object (#9181)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for stylelint since your current version.

Install script changes

This version adds postprepare script and modifies prepare script that run during installation. Review the package contents before updating.

Updates stylelint-config-mirego from 2.0.0 to 2.3.0

Commits

• 86dc67d v2.3.0
• d69a050 Merge pull request #16 from mirego/use-keyword-support
• f90bc16 Support the @​use keyword
• a8f6a62 v2.2.0
• 94aff2d Enable Stylelint 15 support (#13)
• 57ca941 Merge pull request #12 from mirego/chore/update-deps
• bde15e2 Update stylelint & stylelint-order versions
• See full diff in compare view

Updates stylelint-order from 4.1.0 to 8.1.1

Release notes

Sourced from stylelint-order's releases.

8.1.1

• Fixed false positives for non-standard CSS (e.g. SCSS) in <style> tags, when using postcss-html custom syntax

8.1.0

• Added custom-properties-alphabetical-order rule

8.0.0

• Added limited autofix for properties in rules containing interpolation in CSS-in-JS syntax. Previosly such rules were ignored by autofix. Now groups of properties are sorted. See postcss-sorting documentation for an example.

7.0.1

• Added support for Stylelint 17

7.0.0

• Dropped Node.js 18 support
• Dropped support for Stylelint older than 16.18.0
• Changed: Ignore properties case for properties-order and properties-alphabetical-order
• Added support for more properties shorthands
• Fixed order autofix not applied, when Stylelint disable comments are present
• Fixed properties-alphabetical-order autofix not applied, when Stylelint disable comments are present
• Fixed properties-order autofix not applied, when Stylelint disable comments are present
• Fixed: Don't apply properties-alphabetical-order autofixing if there are no violations
• Fixed: Report warnings if they weren't fixed by autofix in properties-alphabetical-order

6.0.4

• Added support for Stylelint 16

6.0.3

• Fixed sorting inside CSS-in-JS css helper

6.0.2

• Added Stylelint v15 to peerDependencies

6.0.1

• Fix regression causing root of CSS or SCSS to report violations

6.0.0

• Dropped Node.js 12 and 14 support.
• Added support for postcss-styled-syntax.

5.0.0

• Breaking change: Dropped Node.js 8 support. Node.js 12 or greater is now required.
• Breaking change: Dropped support for Stylelint 13 and earlier.
• Added support for Stylelint 14.

Changelog

Sourced from stylelint-order's changelog.

8.1.1

• Fixed false positives for non-standard CSS (e.g. SCSS) in <style> tags, when using postcss-html custom syntax

8.1.0

• Added custom-properties-alphabetical-order rule

8.0.0

• Added limited autofix for properties in rules containing interpolation in CSS-in-JS syntax. Previosly such rules were ignored by autofix. Now groups of properties are sorted. See postcss-sorting documentation for an example.

7.0.1

• Added support for Stylelint 17

7.0.0

• Dropped Node.js 18 support
• Dropped support for Stylelint older than 16.18.0
• Changed: Ignore properties case for properties-order and properties-alphabetical-order
• Added support for more properties shorthands
• Fixed order autofix not applied, when Stylelint disable comments are present
• Fixed properties-alphabetical-order autofix not applied, when Stylelint disable comments are present
• Fixed properties-order autofix not applied, when Stylelint disable comments are present
• Fixed: Don't apply properties-alphabetical-order autofixing if there are no violations
• Fixed: Report warnings if they weren't fixed by autofix in properties-alphabetical-order

6.0.4

• Added support for Stylelint 16

6.0.3

• Fixed sorting inside CSS-in-JS css helper

6.0.2

• Added Stylelint v15 to peerDependencies

6.0.1

• Fix regression causing root of CSS or SCSS to report violations

6.0.0

• Dropped Node.js 12 and 14 support.
• Added support for postcss-styled-syntax.

5.0.0

• Breaking change: Dropped Node.js 8 support. Node.js 12 or greater is now required.
• Breaking change: Dropped support for Stylelint 13 and earlier.
• Added support for Stylelint 14.

Commits

• 5e0802a 8.1.1
• d63b335 Prepare 8.1.1
• 707f2d9 Change how CSS from the style attribute is detected, when using `postcss-ht...
• 7db7174 Add custom-properties-alphabetical-order in README (#214)
• 6d5b26a 8.1.0
• cfa2267 Prepare 8.1.0
• 6652d6d Add custom-properties-alphabetical-order rule (#212)
• cb01afd 8.0.0
• ff92d6e Update changelog
• 3b45045 Add limited autofix for properties in rules containing interpolation in CSS-i...
• Additional commits viewable in compare view

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.