chore(deps): override postcss to >=8.5.10 to close XSS advisory in next bundle

[ascender1729]

Summary

Adds a scoped override to website/package.json so every transitive postcss resolves to ^8.5.10:

"overrides": {
  "next": {
    "postcss": "^8.5.10"
  }
}

Previously next@15.5.18 pins postcss to exact 8.4.31, leaving a duplicate vulnerable copy at node_modules/next/node_modules/postcss even after the workspace-level postcss was bumped. The override deduplicates the tree to a single postcss@8.5.14 and closes Dependabot alert #29 (GHSA-qx2v-qp2m-jg93).

package-lock.json was regenerated from scratch (rm package-lock.json && npm install --legacy-peer-deps) because npm cannot retroactively swap the exact-pinned bundled version in the existing lockfile. All other transitive bumps that came along are inside their declared semver ranges in package.json.

Test plan

• npm audit -> 0 vulnerabilities
• npm ls postcss -> single deduped copy at 8.5.14
• npx next build -> succeeds, all routes prerender
• CI green (pytest, lint, security suite, Cloudflare Pages)

Summary by CodeRabbit

• Chores
  • Updated dependency resolution configuration to ensure consistent version of required build tools across the application.

[coderabbitai]

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)

Validation error: Unrecognized key(s) in object: 'ignore'

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: f63e24dc-aad9-45a9-8638-9fa5f67789b6

📥 Commits

Reviewing files that changed from the base of the PR and between ddd2ac4 and fb8c88a.

⛔ Files ignored due to path filters (1)

• website/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• website/package.json

---

📝 Walkthrough

Walkthrough

This PR adds a dependency override in website/package.json to force the next package to use postcss version ^8.5.10 during npm resolution. This constrains transitive dependency versions and ensures consistent PostCSS behavior across the build environment.

Changes

Dependency Override Configuration

Layer / File(s)	Summary
Dependency Override website/package.json	Added overrides block constraining next's postcss transitive dependency to ^8.5.10.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: a dependency override to upgrade postcss and address a security vulnerability (XSS advisory) in the next bundle.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/postcss-overrides

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cloudflare-workers-and-pages]

Deploying attestix with    Cloudflare Pages

Latest commit:	fb8c88a
Status:	✅  Deploy successful!
Preview URL:	https://0940628d.attestix.pages.dev
Branch Preview URL:	https://fix-postcss-overrides.attestix.pages.dev

View logs