chore(deps): bump css_parser from 1.14.0 to 1.22.0 #2613

Merged: mroderick merged 2 commits into master from dependabot/bundler/css_parser-1.22.0 on May 14, 2026
@dependabot (Bot, Contributor) commented on behalf of github on May 8, 2026

Bumps css_parser from 1.14.0 to 1.22.0.

Changelog

Sourced from css_parser's changelog.

Ruby CSS Parser CHANGELOG

Unreleased

Version 2.2.0

  • Accept CSS <number> values with an omitted integer part (e.g. .1) inside rgb()/rgba()/hsl()/hsla(). Previously RE_COLOUR_NUMERIC and RE_COLOUR_NUMERIC_ALPHA required at least one digit before the decimal point, which caused colours such as rgba(0,0,0,.1) to be silently dropped during shorthand expansion (background-color from background:, border-*-color from border:).

Version 2.1.0

  • Validate ssl when pulling files via https

Version 2.0.0

  • Drop ruby <3.2, fix a memory leak

Version v1.21.1

  • Prefer !important rules over non-!important rules in the same ruleset
  • Minor performance improvements

Version v1.21.0

  • Minor performance improvements

Version v1.20.0

  • Remove iconv conditional require

Version v1.19.1

  • Fix error when parsing values consisting of !important only

Version v1.19.0

  • Deprecate load_uri!, load_file! and load_string! positional arguments over keyword argument
  • Deprecate add_rule! (positional arguments) and add_rule_with_offsets! for add_rule! (keyword argument)
  • RuleSet initialize now takes keyword argument, positional arguments are still supported but deprecated
  • Removed OffsetAwareRuleSet, it's a RuleSet with optional attributes filename and offset
  • Improved performance of block parsing by using StringScanner
  • Improve RuleSet#parse_declarations! performance by using substring search instead of regexps
  • Fix error when parsing values consisting of !important only

Version v1.18.0

  • Drop Ruby 2.7 compatibility for parity with Premailer #149

Version v1.17.1

  • Improve security by using File.read instead of IO.read #149

Version v1.17.0

... (truncated)

Bumps [css_parser](https://github.com/premailer/css_parser) from 1.14.0 to 1.22.0.
- [Changelog](https://github.com/premailer/css_parser/blob/master/CHANGELOG.md)
- [Commits](premailer/css_parser@v1.14.0...v1.22.0)

---
updated-dependencies:
- dependency-name: css_parser
  dependency-version: 1.22.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot added the dependencies and ruby labels on May 8, 2026

@mroderick (Collaborator) commented:

Dependency Upgrade Review: css_parser v1.14.0 → v1.22.0

PR Scope

Dependency-only — Only modified. This is a transitive dependency pulled in by → → .

Changes in Dependency

Key changes between v1.14.0 and v1.22.0:

| Version | Change |
|---------|--------|
| v1.22.0 | SSL validation when pulling files via HTTPS (security improvement) |
| v1.21.1 | Prefer rules over non- in same ruleset |
| v1.21.0 | Performance improvements |
| v1.20.0 | Remove conditional require |
| v1.19.1 | Fix error when parsing -only values |
| v1.19.0 | API deprecations (positional args), performance improvements |
| v1.18.0 | Drop Ruby 2.7 support |

Usage in Repository

  • Used via: gem (email CSS inlining)
  • Configuration: sets
  • Purpose: Parses CSS for inlining into HTML emails

Compatibility Assessment

Compatible

  1. Ruby version: This project uses Ruby 3.4.8, well above the dropped Ruby 2.7 requirement
  2. Behavior change: v1.21.1 changes rule precedence — this is a bug fix that makes CSS parsing more correct
  3. Security: v1.22.0 adds SSL validation for HTTPS fetches — positive security improvement

Test Coverage

Good coverage for this dependency's use case:

  • 6 mailer spec files with tests that call
  • All 44 mailer tests pass with the upgraded version
  • Tests exercise the full premailer → css_parser chain

Confidence Rating

High — The changes are primarily security fixes, bug fixes, and performance improvements. Tests pass successfully.

@mroderick force-pushed the dependabot/bundler/css_parser-1.22.0 branch 5 times, most recently from ffdf45a to f395eb2, on May 14, 2026 08:05

Fix race condition in parallel test jobs by adding matrix index to cache key.

Use chromium-headless-shell by passing executable_path to Playwright driver.

Changes:

- Add ${{ matrix.ci_node_index }} to cache key for isolated caches per job

- Install chromium-headless-shell instead of full chromium

- Detect and use headless_shell executable in capybara driver config

@mroderick force-pushed the dependabot/bundler/css_parser-1.22.0 branch from f395eb2 to 624ec5f on May 14, 2026 08:13

@mroderick merged commit 1dfa017 into master on May 14, 2026 (15 checks passed)

@mroderick deleted the dependabot/bundler/css_parser-1.22.0 branch on May 14, 2026 08:19