chore(deps): update dependency cssnano to v7 (2.x)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
cssnano	^6.1.2 -> ^7.0.1

---

Release Notes

cssnano/cssnano (cssnano)

v7.0.1: v7.0.1

Compare Source

Patch changes

Update postcss-calc dependency to latest version

v7.0.0: v7.0.0

Compare Source

Breaking changes

This release drops official support for unmaintained long term support Node.js releases 14 and 16. It also drops support for non-long term support releases 19 and 21 and add support for Node.js 22. Only the package.json engines field has been updated. The code should otherwise be identical to the previous 6.1.2 release.

Ensuring support for older Node.js had become difficult as the GitHub actions runners are not available for the latest MacOS and recent pnpm also could not run on CI any more.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 66.22%. Comparing base (ca6040e) to head (9a2f590).

Additional details and impacted files

@@           Coverage Diff           @@
##              2.x   #26930   +/-   ##
=======================================
  Coverage   66.22%   66.22%           
=======================================
  Files          93       93           
  Lines        4121     4121           
  Branches     1169     1169           
=======================================
  Hits         2729     2729           
  Misses       1126     1126           
  Partials      266      266           

Flag	Coverage Δ
unittests	66.22% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source
Install scripts	npm/core-js@3.37.1	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	packages/babel-preset-app/package.json

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/foo@1.0.0 or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/core-js@3.37.1

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@babel/compat-data@7.24.6	None	0	65.2 kB	nicolo-ribaudo
npm/@babel/helper-environment-visitor@7.24.6	None	0	6.61 kB	nicolo-ribaudo
npm/@babel/helper-plugin-utils@7.24.6	None	0	127 kB	nicolo-ribaudo
npm/@babel/helper-string-parser@7.24.6	None	0	31.7 kB	nicolo-ribaudo
npm/@babel/helper-validator-identifier@7.24.6	None	0	49.2 kB	nicolo-ribaudo
npm/@babel/helper-validator-option@7.24.6	None	0	11.8 kB	nicolo-ribaudo
npm/@babel/parser@7.24.6	None	0	1.89 MB	nicolo-ribaudo
npm/@discoveryjs/json-ext@0.5.7	None	0	81.1 kB	lahmatiy
npm/@gar/promisify@1.1.3	None	0	4.2 kB	gar
npm/@jridgewell/set-array@1.2.1	None	0	17.9 kB	jridgewell
npm/@jridgewell/sourcemap-codec@1.4.15	None	0	45.9 kB	jridgewell
npm/@nodelib/fs.stat@2.0.5	filesystem	0	11.8 kB	mrmlnc
npm/@types/estree@1.0.5	None	0	25.7 kB	types
npm/@webassemblyjs/floating-point-hex-parser@1.11.6	None	0	5.14 kB	xtuc
npm/@webassemblyjs/helper-api-error@1.11.6	None	0	5.4 kB	xtuc
npm/@webassemblyjs/helper-buffer@1.12.1	None	0	10.8 kB	xtuc
npm/@webassemblyjs/utf8@1.11.6	None	0	7.31 kB	xtuc
npm/acorn@8.11.3	None	0	531 kB	marijn
npm/ansi-html-community@0.0.8	None	0	20.1 kB	mahdyar
npm/ansi-regex@6.0.1	None	0	5.67 kB	qix
npm/assert-plus@1.0.0	environment	0	11.4 kB	pfmooney
npm/base64-js@1.5.1	None	0	9.62 kB	feross
npm/binary-extensions@2.2.0	None	0	5.36 kB	sindresorhus
npm/bluebird@3.7.2	environment, eval, unsafe	0	632 kB	esailija
npm/bn.js@4.12.0	None	0	95.7 kB	fanatid
npm/brorand@1.1.0	None	0	3.52 kB	indutny
npm/builtin-status-codes@3.0.0	network	0	4.5 kB	bendrucker
npm/bytes@3.1.2	None	0	12.3 kB	dougwilson
npm/caniuse-lite@1.0.30001612	None	0	2.05 MB	caniuse-lite
npm/colord@2.9.3	None	0	114 kB	omgovich
npm/colorette@2.0.20	None	0	17 kB	jorgebucaran
npm/content-type@1.0.5	None	0	10.5 kB	dougwilson
npm/core-js@3.37.1	environment, eval, filesystem	0	1.23 MB	zloirock
npm/css-what@6.1.0	None	0	66 kB	feedic
npm/debounce@1.2.1	None	0	12 kB	stephenmathieson
npm/decimal.js@10.4.3	None	0	283 kB	mikemcl
npm/destroy@1.2.0	filesystem	0	9.02 kB	dougwilson
npm/domelementtype@2.3.0	None	0	11.4 kB	feedic
npm/dotenv@16.4.5	environment, filesystem	0	79.1 kB	motdotla
npm/duplexer@0.1.2	None	0	5.47 kB	raynos
npm/entities@4.5.0	None	0	413 kB	feedic
npm/eslint-visitor-keys@3.4.3	None	0	32.3 kB	eslintbot
npm/esprima@4.0.1	None	0	314 kB	ariya
npm/estraverse@5.3.0	None	0	37.1 kB	michaelficarra
npm/etag@1.8.1	filesystem	0	10.8 kB	dougwilson
npm/events@3.3.0	None	0	82.8 kB	goto-bus-stop
npm/exit@0.1.2	None	0	59.8 kB	cowboy
npm/fast-deep-equal@3.1.3	None	0	13 kB	esp
npm/fast-json-stable-stringify@2.1.0	None	0	17 kB	esp
npm/fresh@0.5.2	None	0	10.1 kB	dougwilson
npm/fsevents@2.3.2	None	0	156 kB	pipobscure
npm/graceful-fs@4.2.11	environment, filesystem	0	32.5 kB	isaacs
npm/has-bigints@1.0.2	None	0	12.8 kB	ljharb
npm/has-symbols@1.0.3	None	0	20.6 kB	ljharb
npm/he@1.2.0	None	0	124 kB	mathias
npm/html-escaper@2.0.2	None	0	13.1 kB	webreflection
npm/ieee754@1.2.1	None	0	6.8 kB	feross
npm/ignore@5.3.1	None	0	51.5 kB	kael
npm/infer-owner@1.0.4	filesystem	0	4.29 kB	isaacs
npm/inherits@2.0.4	None	0	3.96 kB	isaacs
npm/ini@1.3.8	None	0	9.3 kB	isaacs
npm/is-callable@1.2.7	None	0	28.9 kB	ljharb
npm/is-docker@2.2.1	filesystem	0	3.01 kB	sindresorhus
npm/is-extglob@2.1.1	None	0	6.22 kB	jonschlinkert
npm/is-plain-obj@1.1.0	None	0	2.62 kB	sindresorhus
npm/isobject@3.0.1	None	0	6.93 kB	doowb
npm/istanbul-lib-coverage@3.2.0	None	0	29.3 kB	oss-bot
npm/jiti@1.21.0	environment, filesystem, unsafe	0	1.91 MB	pi0
npm/json-parse-better-errors@1.0.2	None	0	6.7 kB	zkat
npm/json5@2.2.3	None	0	235 kB	jordanbtucker
npm/lilconfig@2.1.0	filesystem	0	16.6 kB	antonk52
npm/loader-runner@4.3.0	eval, filesystem	0	18.4 kB	sokra
npm/lodash@4.17.21	None	0	1.41 MB	bnjmnt4n
npm/mdn-data@2.0.30	None	0	602 kB	schalkneethling
npm/merge2@1.4.1	None	0	8.9 kB	zensh
npm/mime-db@1.52.0	None	0	206 kB	dougwilson
npm/mime@1.6.0	environment, filesystem	0	51.7 kB	broofa
npm/minimalistic-assert@1.0.1	None	0	1.55 kB	cwmma
npm/minimist@1.2.8	None	0	54.5 kB	ljharb
npm/moment@2.30.1	None	0	4.35 MB	ichernev
npm/ms@2.1.2	None	0	6.84 kB	styfle
npm/nanoid@3.3.7	None	0	24.4 kB	ai
npm/negotiator@0.6.3	None	0	27.4 kB	dougwilson
npm/neo-async@2.6.2	None	0	298 kB	suguru03
npm/node-fetch-native@1.6.4	network	0	735 kB	pi0
npm/normalize-path@3.0.0	None	0	9.22 kB	jonschlinkert
npm/object-assign@4.1.1	None	0	5.49 kB	sindresorhus
npm/on-headers@1.0.2	None	0	7.54 kB	dougwilson
npm/opener@1.5.2	shell	0	6.21 kB	domenic
npm/path-key@3.1.1	None	0	4.55 kB	sindresorhus
npm/picomatch@2.3.1	None	0	90 kB	mrmlnc
npm/postcss-value-parser@4.2.0	None	0	27.2 kB	evilebottnawi
npm/pretty-bytes@5.6.0	None	0	11.5 kB	sindresorhus
npm/psl@1.9.0	None	0	461 kB	lupomontero
npm/punycode@2.3.1	None	0	33.5 kB	google-wombot
npm/range-parser@1.2.1	None	0	8.46 kB	dougwilson
npm/regenerator-runtime@0.14.1	None	0	27.9 kB	benjamn
npm/resolve-from@5.0.0	filesystem, unsafe	0	5.82 kB	sindresorhus
npm/safe-buffer@5.2.1	None	0	32.1 kB	feross
npm/safer-buffer@2.1.2	None	0	42.3 kB	chalker
npm/semver@7.6.2	None	0	95.4 kB	npm-cli-ops
npm/source-map-js@1.2.0	None	0	140 kB	7rulnik
npm/source-map@0.5.6	None	0	756 kB	nickfitzgerald
npm/through@2.3.8	None	0	12.5 kB	dominictarr
npm/tweetnacl@0.14.5	None	0	174 kB	dchest
npm/typescript@5.4.5	None	0	32.4 MB	typescript-bot
npm/ua-parser-js@1.0.37	None	0	112 kB	faisalman
npm/ufo@1.5.3	None	0	103 kB	pi0
npm/unpipe@1.0.0	None	0	4.31 kB	dougwilson
npm/util-deprecate@1.0.2	None	0	5.48 kB	tootallnate
npm/vary@1.1.2	None	0	8.75 kB	dougwilson
npm/webpack-sources@3.2.3	None	0	91.3 kB	sokra
npm/xtend@4.0.2	None	0	6.46 kB	raynos
npm/yargs-parser@21.1.1	environment, filesystem	0	128 kB	oss-bot

🚮 Removed packages: npm/css-color-names@0.0.4

View full report↗︎