Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #43

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 250 commits.
  • 7857d8f chore(release): 4.0.0
  • 5604205 feat: support `file:` protocol
  • 5303db2 chore(deps): update (#1131)
  • 9aa0549 chore(deps): update
  • a54c955 test: imports
  • 5b45d87 test: support in `@ import` at-rule
  • 83515fa refactor: code
  • 1c20b1e fix: parsing
  • 7f49a0a feat: `@ value` supports importing `url()` (#1126)
  • 791fff3 refactor: named export (#1125)
  • 01e8c76 refactor: change function arguments of the `import` option (#1124)
  • c153fe6 refactor: improve schema options (#1123)
  • 58b4b98 test: unresolved (#1122)
  • d2f6bd2 refactor: getLocalIdent function (#1121)
  • 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
  • fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
  • 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
  • 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
  • e1c55e4 refactor: rename the `onlyLocals` option (#1116)
  • ac5f413 refactor: code
  • a5c1b5f test: code coverange (#1114)
  • 908ecee refactor: `esModule` option is `true` by default (#1111)
  • 7cca035 test: coverange (#1112)
  • bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: exports-loader The new version differs by 15 commits.

See the full diff

Package name: file-loader The new version differs by 125 commits.
  • e44eb73 chore(release): 6.0.0
  • ad39022 chore(deps): update (#369)
  • e1fe27c docs: update README.md (#368)
  • c2aded7 chore(release): 5.1.0
  • cd8698b feat: support the `query` template for the `name` option (#366)
  • 5703c58 chore(deps): update (#365)
  • 521bff2 chore: remove duplicate prettier config file (#357)
  • 5ffac2e refactor: added description on esModule (#358)
  • 190829e docs: fix the description of the `esModule` option (#348)
  • f1b071c chore(release): 5.0.2
  • 6431101 chore: add the `funding` field in `package.json` (#347)
  • 90302cd chore(release): 5.0.1
  • 31d6589 fix: name of `esModule` option in source code (#346)
  • 2a18cba chore(release): 5.0.0
  • 98a6c1d refactor: next (#345)
  • 0df6c8d chore(release): 4.3.0
  • a2f5faf refactor: code (#344)
  • 9b9cd8d feat: new options flag to output ES2015 modules (#340)
  • ba0fd4c chore(release): 4.2.0
  • 642ee74 docs: improve readme (#341)
  • c136f44 feat: `postTransformPublicPath` option (#334)
  • d441daa chore(release): 4.1.0
  • 705eed4 feat: improved validation error messages (#339)
  • d016daa chore(release): 4.0.0

See the full diff

Package name: imports-loader The new version differs by 29 commits.

See the full diff

Package name: less-loader The new version differs by 155 commits.
  • 73740a8 chore(release): 6.0.0
  • 4579dfb refactor: code (#349)
  • 1aff534 refactor: code
  • 3931470 feat: `paths` now works with webpack resolver
  • cecf183 test: appendData prependData, when they are string (#345)
  • a1cf249 refactor: moving processResult in index (#344)
  • bffbc5e refactor: import from scoped npm packages (#343)
  • b04cb0d test: import through plugin (#341)
  • 221714b test: import nested (#342)
  • 443bd5a refactor: first resolve filename in less, then in webpack (#340)
  • 82cb6a7 chore(deps): update
  • d7590b5 refactor: deleting a mention about less2 (#337)
  • fb94605 feat: added the `appendData` option (#336)
  • 24021cd fix: import alias without tilde (#335)
  • 4604f20 test: import files hosted remotely (#334)
  • 8e020e9 fix: import files hosted remotely (#333)
  • cfeccd5 chore: drop less@2 (#331)
  • 4f894bc test: fixes (#330)
  • 9df8755 feat: allow data to be prepended via `options.prependData` (#327)
  • ce03da9 docs: add example for `lessOptions` using a function (#326)
  • a6be94a feat: allow a function to be used for `lessOptions` (#325)
  • cdb611f chore: update README with examples, change lessOptions to only allow objects (#324)
  • 6fc1392 chore: remove `pify` in favour of `util.promisify` (#323)
  • fed50ba chore: remove sync check (#322)

See the full diff

Package name: style-loader The new version differs by 165 commits.
  • 171a747 chore(release): 1.1.4
  • af1b4a9 chore(deps): update
  • a003f05 docs: add links for the options table (#460)
  • 2756e03 chore(release): 1.1.3
  • 236b243 fix: injection algorithm (#456)
  • 36bd8f1 docs: fix typos (#453)
  • de38c39 chore(release): 1.1.2
  • 91ceaf2 fix: algorithm for importing modules (#449)
  • 1138ed7 fix: checking that the list of modules is an array (#448)
  • aa418dd chore(release): 1.1.1
  • 7ee8b04 fix: add empty default export for `linkTag` value
  • c69ea6c chore(release): 1.1.0
  • c7d6e3a fix: order of imported styles (#443)
  • a283b30 test: more manual test (#442)
  • 3415266 feat: `esModule` option (#441)
  • 907aed8 test: refactor (#440)
  • 28e1628 refactor: code (#438)
  • 5c51b90 refactor: cjs (#437)
  • 609263a test: refactor
  • 7768fce chore(release): 1.0.2
  • dcbfadb fix: support ES module syntax (#435)
  • d515edc chore(deps): update (#434)
  • 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (#432)
  • c6164d5 chore(release): 1.0.1

See the full diff

Package name: url-loader The new version differs by 69 commits.
  • 8828d64 chore(release): 4.0.0
  • fc8721f chore(deps): migrate on `mime-types` package (#209)
  • f13757a chore(deps): update (#208)
  • a2f127d fix: description on the `esModule` option (#204)
  • 4301f87 chore(release): 3.0.0
  • 3f0bbc5 refactor: next (#198)
  • 2451157 chore(release): 2.3.0
  • 0ee2b99 feat: new `esModules` option to output ES modules
  • cbd1950 chore(release): 2.2.0
  • 196110e fix: yarn pnp support (#195)
  • 9431124 docs: improve documentation about `fallback` (#194)
  • a251a23 chore(deps): update (#193)
  • 2bffcfd fix: limit must allow infinity and max value (#192)
  • 1b9dbd1 chore(release): 2.1.0
  • f3d4dd2 feat: improved validation error messages (#187)
  • 37c6acc chore(release): 2.0.1
  • 4842f93 fix: allow using limit as string when you use loader with query string (#185)
  • c0341da chore(defaults): update (#184)
  • 78833ac chore(release): 2.0.0
  • 4386b3e chore(deps): update (#182)
  • 60d2cb3 feat: limit option can be boolean (#181)
  • d82e453 fix: `limit` should always be a number and 0 value handles as number (#180)
  • 3c24545 fix: fallback loader will be used than limit is equal or greater (#179)
  • a6705cc test: test svg scenario. #176 (#177)

See the full diff

Package name: webpack The new version differs by 250 commits.
  • 610f368 5.0.0
  • 5ce65c1 update examples
  • bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
  • 75ecff2 5.0.0-rc.6
  • bfc35d6 Merge pull request #11603 from MayaWolf/master
  • 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
  • 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
  • 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
  • 9130d10 fix called variables with ProvidePlugin
  • 3e42105 Merge pull request #11620 from webpack/bugfix/11617
  • 4709719 skip connections copied to concatenated module
  • 57b493f 5.0.0-rc.5
  • 1658e2f Merge pull request #11618 from webpack/bugfix/11615
  • a8fb45d fixes crash in SideEffectsFlagPlugin
  • 84b196d emit error instead of crashing when unexpected problem occurs
  • 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
  • 9b5cce9 Merge pull request #11609 from snitin315/export-types
  • 37c495c export type RuleSetUseItem
  • 39faf34 export type RuleSetUse
  • e5fd246 export type RuleSetConditionAbsolute
  • 660baad export RuleSetCondition types
  • 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
  • 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
  • 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant