Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #57

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

enterstudio
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 250 commits.
  • 7857d8f chore(release): 4.0.0
  • 5604205 feat: support `file:` protocol
  • 5303db2 chore(deps): update (#1131)
  • 9aa0549 chore(deps): update
  • a54c955 test: imports
  • 5b45d87 test: support in `@ import` at-rule
  • 83515fa refactor: code
  • 1c20b1e fix: parsing
  • 7f49a0a feat: `@ value` supports importing `url()` (#1126)
  • 791fff3 refactor: named export (#1125)
  • 01e8c76 refactor: change function arguments of the `import` option (#1124)
  • c153fe6 refactor: improve schema options (#1123)
  • 58b4b98 test: unresolved (#1122)
  • d2f6bd2 refactor: getLocalIdent function (#1121)
  • 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
  • fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
  • 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
  • 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
  • e1c55e4 refactor: rename the `onlyLocals` option (#1116)
  • ac5f413 refactor: code
  • a5c1b5f test: code coverange (#1114)
  • 908ecee refactor: `esModule` option is `true` by default (#1111)
  • 7cca035 test: coverange (#1112)
  • bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader The new version differs by 138 commits.
  • e44eb73 chore(release): 6.0.0
  • ad39022 chore(deps): update (#369)
  • e1fe27c docs: update README.md (#368)
  • c2aded7 chore(release): 5.1.0
  • cd8698b feat: support the `query` template for the `name` option (#366)
  • 5703c58 chore(deps): update (#365)
  • 521bff2 chore: remove duplicate prettier config file (#357)
  • 5ffac2e refactor: added description on esModule (#358)
  • 190829e docs: fix the description of the `esModule` option (#348)
  • f1b071c chore(release): 5.0.2
  • 6431101 chore: add the `funding` field in `package.json` (#347)
  • 90302cd chore(release): 5.0.1
  • 31d6589 fix: name of `esModule` option in source code (#346)
  • 2a18cba chore(release): 5.0.0
  • 98a6c1d refactor: next (#345)
  • 0df6c8d chore(release): 4.3.0
  • a2f5faf refactor: code (#344)
  • 9b9cd8d feat: new options flag to output ES2015 modules (#340)
  • ba0fd4c chore(release): 4.2.0
  • 642ee74 docs: improve readme (#341)
  • c136f44 feat: `postTransformPublicPath` option (#334)
  • d441daa chore(release): 4.1.0
  • 705eed4 feat: improved validation error messages (#339)
  • d016daa chore(release): 4.0.0

See the full diff

Package name: postcss-loader The new version differs by 250 commits.
  • 792e217 chore(release): 4.0.0
  • 598f36d docs: improve readme
  • cad6f07 fix: avoid mutations of options and config (#470)
  • 77449e1 test: union (#469)
  • 9b75888 feat: reuse AST from other loaders (#468)
  • 5e4a77b fix: resolve `from` and `to` from config and options (#467)
  • 225b2e5 refactor: do not validate `postcss` options (#466)
  • 3d32c35 fix: `default` export for plugins (#465)
  • 38ebe08 refactor: `execute` option (#464)
  • d0ea725 refactor: config loading
  • 108d871 test: more
  • b4d3bcc chore: remove unnecessary dev deps (#460)
  • 475278c chore: move `postcss` to `peerDependencies` (#459)
  • 98441ff fix: respect the `map` option and source maps (#458)
  • ba88040 refactor: do not pass meta from other loaders (#457)
  • 25a16a0 refactor: source map code
  • 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
  • d8d84f7 refactor: code (#453)
  • 3cd85df refactor: code
  • 6eb44ed refactor: code
  • 53da71a refactor: sourcemap paths
  • d7bc470 feat: array syntax for plugins
  • 2cd7614 refactor: code (#451)
  • 60e4f12 docs: addDependency (#448)

See the full diff

Package name: style-loader The new version differs by 165 commits.
  • 171a747 chore(release): 1.1.4
  • af1b4a9 chore(deps): update
  • a003f05 docs: add links for the options table (#460)
  • 2756e03 chore(release): 1.1.3
  • 236b243 fix: injection algorithm (#456)
  • 36bd8f1 docs: fix typos (#453)
  • de38c39 chore(release): 1.1.2
  • 91ceaf2 fix: algorithm for importing modules (#449)
  • 1138ed7 fix: checking that the list of modules is an array (#448)
  • aa418dd chore(release): 1.1.1
  • 7ee8b04 fix: add empty default export for `linkTag` value
  • c69ea6c chore(release): 1.1.0
  • c7d6e3a fix: order of imported styles (#443)
  • a283b30 test: more manual test (#442)
  • 3415266 feat: `esModule` option (#441)
  • 907aed8 test: refactor (#440)
  • 28e1628 refactor: code (#438)
  • 5c51b90 refactor: cjs (#437)
  • 609263a test: refactor
  • 7768fce chore(release): 1.0.2
  • dcbfadb fix: support ES module syntax (#435)
  • d515edc chore(deps): update (#434)
  • 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (#432)
  • c6164d5 chore(release): 1.0.1

See the full diff

Package name: stylus-loader The new version differs by 70 commits.

See the full diff

Package name: url-loader The new version differs by 69 commits.

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 610f368 5.0.0
  • 5ce65c1 update examples
  • bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
  • 75ecff2 5.0.0-rc.6
  • bfc35d6 Merge pull request #11603 from MayaWolf/master
  • 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
  • 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
  • 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
  • 9130d10 fix called variables with ProvidePlugin
  • 3e42105 Merge pull request #11620 from webpack/bugfix/11617
  • 4709719 skip connections copied to concatenated module
  • 57b493f 5.0.0-rc.5
  • 1658e2f Merge pull request #11618 from webpack/bugfix/11615
  • a8fb45d fixes crash in SideEffectsFlagPlugin
  • 84b196d emit error instead of crashing when unexpected problem occurs
  • 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
  • 9b5cce9 Merge pull request #11609 from snitin315/export-types
  • 37c495c export type RuleSetUseItem
  • 39faf34 export type RuleSetUse
  • e5fd246 export type RuleSetConditionAbsolute
  • 660baad export RuleSetCondition types
  • 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
  • 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
  • 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants