Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: clean-css/clean-css Loading
base: v4.1.7
Choose a base ref
...
head repository: clean-css/clean-css Loading
compare: v4.1.11
Choose a head ref
  • 17 commits
  • 22 files changed
  • 3 contributors

Commits on Sep 2, 2017

  1. Fixes #960 - better explanation of efficiency.

    @jakubpawlowicz
    jakubpawlowicz committed Sep 2, 2017
    Configuration menu
    Copy the full SHA
    e30dac5 View commit details
    Browse the repository at this point in the history

  2. Fixes #959 - regression in shortening long hex values. 

    Introduced in #945.
    @jakubpawlowicz
    jakubpawlowicz committed Sep 2, 2017
    Configuration menu
    Copy the full SHA
    c1aad92 View commit details
    Browse the repository at this point in the history

  3. Fixes #965 - edge case in parsing comment endings. 

    This is an edge case when a comment is closed twice leading to the
second end marker leaking to the next token.
    @jakubpawlowicz
    jakubpawlowicz committed Sep 2, 2017
    Configuration menu
    Copy the full SHA
    744bfc5 View commit details
    Browse the repository at this point in the history

  4. Fixes #966 - remote @imports referenced from local ones. 

    This is an edge case when local `@import` was given by hash and
referenced a remote one which was processed synchronously but should
have been asynchronously.
    @jakubpawlowicz
    jakubpawlowicz committed Sep 2, 2017
    Configuration menu
    Copy the full SHA
    251ec10 View commit details
    Browse the repository at this point in the history

  5. Version 4.1.8.

    @jakubpawlowicz
    jakubpawlowicz committed Sep 2, 2017
    Configuration menu
    Copy the full SHA
    59ab101 View commit details
    Browse the repository at this point in the history

Commits on Sep 19, 2017

  1. Ignore quotes when checking @font-face use (#972)

    @Lobstrosity @jakubpawlowicz
    Lobstrosity authored and jakubpawlowicz committed Sep 19, 2017
    Configuration menu
    Copy the full SHA
    b756b48 View commit details
    Browse the repository at this point in the history

  2. See #971 - adds History.md entry about fixed issue.

    @jakubpawlowicz
    jakubpawlowicz committed Sep 19, 2017
    Configuration menu
    Copy the full SHA
    a83386c View commit details
    Browse the repository at this point in the history

  3. Version 4.1.9.

    @jakubpawlowicz
    jakubpawlowicz committed Sep 19, 2017
    Configuration menu
    Copy the full SHA
    5f6cbc6 View commit details
    Browse the repository at this point in the history

Commits on Mar 5, 2018

  1. Fixes #988 - edge case in dropping animation-duration. 

    When `animation-duration` is default but `animation-delay` isn't we
shouldn't drop the former as both need to be given.
    @jakubpawlowicz
    jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    21a5df0 View commit details
    Browse the repository at this point in the history

  2. Fixes #989 - edge case in removing unused at-rules. 

    When a value has `!important` in it then it should be stripped bare
before matching to the list of at-rules.
    @jakubpawlowicz
    jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    8be4084 View commit details
    Browse the repository at this point in the history

  3. [#1001] Fix corrupted state of tokenizer (#1010) 

    - case of roundBracketLevel inferior to 0.
    @abarre @jakubpawlowicz
    abarre authored and jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    e944a2b View commit details
    Browse the repository at this point in the history

  4. Adds @abarre fix to #1001 to release notes.

    @jakubpawlowicz
    jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    bedd8a9 View commit details
    Browse the repository at this point in the history

  5. Fixes #1008 - edge case in breaking up font. 

    `font` shorthand needs `font-size` and `font-family`.
    @jakubpawlowicz
    jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    913d72c View commit details
    Browse the repository at this point in the history

  6. Fixes #1006 - handling invalid input source maps.

    @jakubpawlowicz
    jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    9e0a38e View commit details
    Browse the repository at this point in the history

  7. Version 4.1.10.

    @jakubpawlowicz
    jakubpawlowicz committed Mar 5, 2018
    Configuration menu
    Copy the full SHA
    c601ebd View commit details
    Browse the repository at this point in the history

Commits on Mar 6, 2018

  1. Fixes ReDOS vulnerabilities. 

    Jamie Davis (@davisjam) from Virginia Tech reported that clean-css
suffers from ReDOS vulnerability [0] when fed with crafted input.

Since not so many people use clean-css allowing untrusted input such
cases may be rare, but this commit reworks vulnerable code to prevent
such attacks.

It also limits certain whitespace blocks to sane length of 31 characters
in validation regexes to prevent similar issues.

[0] https://snyk.io/blog/redos-and-catastrophic-backtracking
    @jakubpawlowicz
    jakubpawlowicz committed Mar 6, 2018
    Configuration menu
    Copy the full SHA
    0440b4a View commit details
    Browse the repository at this point in the history

  2. Version 4.1.11.

    @jakubpawlowicz
    jakubpawlowicz committed Mar 6, 2018
    Configuration menu
    Copy the full SHA
    7812d59 View commit details
    Browse the repository at this point in the history
Loading