Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #27

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 250 commits.
  • 7857d8f chore(release): 4.0.0
  • 5604205 feat: support `file:` protocol
  • 5303db2 chore(deps): update (#1131)
  • 9aa0549 chore(deps): update
  • a54c955 test: imports
  • 5b45d87 test: support in `@ import` at-rule
  • 83515fa refactor: code
  • 1c20b1e fix: parsing
  • 7f49a0a feat: `@ value` supports importing `url()` (#1126)
  • 791fff3 refactor: named export (#1125)
  • 01e8c76 refactor: change function arguments of the `import` option (#1124)
  • c153fe6 refactor: improve schema options (#1123)
  • 58b4b98 test: unresolved (#1122)
  • d2f6bd2 refactor: getLocalIdent function (#1121)
  • 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
  • fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
  • 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
  • 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
  • e1c55e4 refactor: rename the `onlyLocals` option (#1116)
  • ac5f413 refactor: code
  • a5c1b5f test: code coverange (#1114)
  • 908ecee refactor: `esModule` option is `true` by default (#1111)
  • 7cca035 test: coverange (#1112)
  • bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader The new version differs by 138 commits.
  • e44eb73 chore(release): 6.0.0
  • ad39022 chore(deps): update (#369)
  • e1fe27c docs: update README.md (#368)
  • c2aded7 chore(release): 5.1.0
  • cd8698b feat: support the `query` template for the `name` option (#366)
  • 5703c58 chore(deps): update (#365)
  • 521bff2 chore: remove duplicate prettier config file (#357)
  • 5ffac2e refactor: added description on esModule (#358)
  • 190829e docs: fix the description of the `esModule` option (#348)
  • f1b071c chore(release): 5.0.2
  • 6431101 chore: add the `funding` field in `package.json` (#347)
  • 90302cd chore(release): 5.0.1
  • 31d6589 fix: name of `esModule` option in source code (#346)
  • 2a18cba chore(release): 5.0.0
  • 98a6c1d refactor: next (#345)
  • 0df6c8d chore(release): 4.3.0
  • a2f5faf refactor: code (#344)
  • 9b9cd8d feat: new options flag to output ES2015 modules (#340)
  • ba0fd4c chore(release): 4.2.0
  • 642ee74 docs: improve readme (#341)
  • c136f44 feat: `postTransformPublicPath` option (#334)
  • d441daa chore(release): 4.1.0
  • 705eed4 feat: improved validation error messages (#339)
  • d016daa chore(release): 4.0.0

See the full diff

Package name: url-loader The new version differs by 69 commits.
  • 8828d64 chore(release): 4.0.0
  • fc8721f chore(deps): migrate on `mime-types` package (#209)
  • f13757a chore(deps): update (#208)
  • a2f127d fix: description on the `esModule` option (#204)
  • 4301f87 chore(release): 3.0.0
  • 3f0bbc5 refactor: next (#198)
  • 2451157 chore(release): 2.3.0
  • 0ee2b99 feat: new `esModules` option to output ES modules
  • cbd1950 chore(release): 2.2.0
  • 196110e fix: yarn pnp support (#195)
  • 9431124 docs: improve documentation about `fallback` (#194)
  • a251a23 chore(deps): update (#193)
  • 2bffcfd fix: limit must allow infinity and max value (#192)
  • 1b9dbd1 chore(release): 2.1.0
  • f3d4dd2 feat: improved validation error messages (#187)
  • 37c6acc chore(release): 2.0.1
  • 4842f93 fix: allow using limit as string when you use loader with query string (#185)
  • c0341da chore(defaults): update (#184)
  • 78833ac chore(release): 2.0.0
  • 4386b3e chore(deps): update (#182)
  • 60d2cb3 feat: limit option can be boolean (#181)
  • d82e453 fix: `limit` should always be a number and 0 value handles as number (#180)
  • 3c24545 fix: fallback loader will be used than limit is equal or greater (#179)
  • a6705cc test: test svg scenario. #176 (#177)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JSON5-3182856
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant