webpack-contrib / postcss-loader

PostCSS loader for webpack

Dependent PostCSS line return parsing error

basurohit77 opened this issue · comments

Bug report

PostCSS line return parsing error
GHSA-7fh5-64p2-3v2j

Actual Behavior

It has a dependency on "postcss": "^8.4.29", which is <8.4.31 according to
GHSA-7fh5-64p2-3v2j

An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.

This vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being originally included in a comment.

Expected Behavior

Update the dependency of "postcss": "^8.4.29", to "^8.4.31"

How Do We Reproduce?

It already has a vulnerability
CVE-2023-44270

Please paste the results of npx webpack info here, and mention other relevant information

Hello, you can update deps locally, we have postcss in peerDependencies to support v7 and v8 and we use ^ to allow installing new versions with fixes, so please update your deps locally, thank you, feel free to give feedback
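The maintainer's point is that a caret range such as `^8.4.29` already admits the patched release, so the fix is a local lockfile update rather than a change to postcss-loader. That can be checked mechanically. The block below is an added example, not code from postcss-loader or PostCSS: a dependency-free semver caret check that takes the declared range from package.json and the version actually resolved in the lockfile, and reports whether the resolved version is at or past 8.4.31 (the first fixed release named in GHSA-7fh5-64p2-3v2j / CVE-2023-44270) and whether a plain `npm update postcss` can get there without editing the range. It goes beyond the page's single case by implementing npm's general caret rule, including the `0.x` forms. The names `auditPostcss`, `caretBounds`, `sampleLock` and the sample lock entry are my own constructions.

```javascript
// Added example (not part of postcss-loader): check whether a caret range from
// package.json can resolve to a PostCSS release carrying the fix, and whether a
// given resolved version (e.g. from package-lock.json) is already fixed.

const FIXED_POSTCSS = '8.4.31'; // first patched release named in the advisory

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// Returns -1, 0 or 1 like a comparator; a pre-release sorts below its release.
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (x[k] !== y[k]) return x[k] < y[k] ? -1 : 1;
  }
  if (x.pre && !y.pre) return -1;
  if (!x.pre && y.pre) return 1;
  return 0;
}

// npm caret semantics: "^X.Y.Z" allows changes that do not modify the leftmost
// non-zero component. Returns the inclusive lower and exclusive upper bound.
function caretBounds(range) {
  const m = /^\^\s*(.+)$/.exec(range.trim());
  if (!m) throw new Error(`only caret ranges are handled here: ${range}`);
  const { major, minor, patch } = parseVersion(m[1]);
  let upper;
  if (major > 0) upper = `${major + 1}.0.0`;
  else if (minor > 0) upper = `0.${minor + 1}.0`;
  else upper = `0.0.${patch + 1}`;
  return { lower: `${major}.${minor}.${patch}`, upperExclusive: upper };
}

function satisfiesCaret(range, version) {
  const { lower, upperExclusive } = caretBounds(range);
  return compareVersions(version, lower) >= 0 &&
         compareVersions(version, upperExclusive) < 0;
}

// Can the declared range pull in the fixed release at all?
function rangeAdmitsFix(range, fixed = FIXED_POSTCSS) {
  return satisfiesCaret(range, fixed);
}

// Is the version pinned in the lockfile at or past the fix?
function isFixed(resolvedVersion, fixed = FIXED_POSTCSS) {
  return compareVersions(resolvedVersion, fixed) >= 0;
}

// Combine both answers into the action a maintainer or user would take.
function auditPostcss(declaredRange, resolvedVersion) {
  const resolvedIsFixed = isFixed(resolvedVersion);
  const admitsFix = rangeAdmitsFix(declaredRange);
  let action;
  if (resolvedIsFixed) action = 'nothing to do';
  else if (admitsFix) action = 'run `npm update postcss`; the range already allows the fix';
  else action = 'bump the declared range; the fix is outside it';
  return { rangeAdmitsFix: admitsFix, resolvedIsFixed, action };
}

// Constructed sample (not a real lockfile): the range from the issue plus a
// stale lock entry still on 8.4.29.
const sampleLock = { postcss: { version: '8.4.29' } };
console.log(auditPostcss('^8.4.29', sampleLock.postcss.version));
```

On the issue's own numbers the audit reports that `^8.4.29` admits 8.4.31 but the sample lock entry is not fixed, which is exactly the "update your deps locally" outcome; a range such as `^7.0.0` would instead report that the fix lies outside the range and the declared dependency itself needs changing.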