Bump json5, css-loader, file-loader, html-loader, sass-loader, style-loader, webextension-toolbox, webpack and webpack-cli

[dependabot[bot]]

Bumps json5 to 2.2.3 and updates ancestor dependencies json5, css-loader, file-loader, html-loader, sass-loader, style-loader, webextension-toolbox, webpack and webpack-cli. These dependencies need to be updated together.

Updates json5 from 2.1.3 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates css-loader from 3.2.0 to 6.7.3

Release notes

Sourced from css-loader's releases.

v6.7.3

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

v6.7.2

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

v6.7.1

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

v6.7.0

6.7.0 (2022-03-04)

Features

• re-export defaultGetLocalIdent (#1423) (207cf36)

v6.6.0

6.6.0 (2022-02-02)

Features

• added the hashStrategy option (ca4abce)

v6.5.1

6.5.1 (2021-11-03)

Bug Fixes

• regression with unicode characters in locals (b7a8441)
• runtime path generation (#1393) (feafea8)

v6.5.0

... (truncated)

Changelog

Sourced from css-loader's changelog.

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

6.7.0 (2022-03-04)

Features

• re-export defaultGetLocalIdent (#1423) (207cf36)

6.6.0 (2022-02-02)

Features

• added the hashStrategy option (ca4abce)

6.5.1 (2021-11-03)

Bug Fixes

• regression with unicode characters in locals (b7a8441)
• runtime path generation (#1393) (feafea8)

6.5.0 (2021-10-26)

Features

• support absolute URL in url() when experiments.buildHttp enabled (#1389) (8946be4)

... (truncated)

Commits

• ef749f2 chore(release): 6.7.3
• 36fb945 chore: fix cspell
• 962924c fix: remove sourceURL from emitted CSS (#1487)
• 3f3f302 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1486)
• 04ca713 chore: update dependencies to the latest version (#1485)
• 9449827 chore: update styfle/cancel-workflow-action (#1484)
• 6c67af8 chore: add cSpell to check spelling issues (#1482)
• 239b9ac chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#1481)
• 394d200 chore(release): 6.7.2
• 2f4c273 fix: css modules generation with inline syntax (#1480)
• Additional commits viewable in compare view

Updates file-loader from 4.2.0 to 6.2.0

Release notes

Sourced from file-loader's releases.

v6.2.0

6.2.0 (2020-10-27)

Features

• added the sourceFilename property to asset info with original filename (#393) (654e0d6)

Bug Fixes

• immutable flag when the name option have hash in query string (#392) (381d8bd)

v6.1.1

6.1.1 (2020-10-09)

Chore

• update schema-utils

v6.1.0

6.1.0 (2020-08-31)

Features

• pass immutable flag to asset info (#383) (40fcde8)

v6.0.0

6.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• use md4 by default for hashing (#369) (ad39022)

v5.1.0

5.1.0 (2020-02-19)

Features

• support the query template for the name option (#366) (cd8698b)

v5.0.2

5.0.2 (2019-11-25)

Chore

... (truncated)

Changelog

Sourced from file-loader's changelog.

6.2.0 (2020-10-27)

Features

• added the sourceFilename property to asset info with original filename (#393) (654e0d6)

Bug Fixes

• immutable flag when the name option have hash in query string (#392) (381d8bd)

6.1.1 (2020-10-09)

Chore

• update schema-utils

6.1.0 (2020-08-31)

Features

• pass immutable flag to asset info (#383) (40fcde8)

6.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• use md4 by default for hashing (#369) (ad39022)

5.1.0 (2020-02-19)

Features

• support the query template for the name option (#366) (cd8698b)

5.0.2 (2019-11-25)

Chore

• add the funding field in package.json

5.0.1 (2019-11-25)

... (truncated)

Commits

• c423008 chore(release): 6.2.0
• 654e0d6 feat: added the sourceFilename property to asset info with original filenam...
• 381d8bd fix: immutable flag when the name option have hash in query string (#392)
• 14ed4c9 ci: updated webpack versions (#389)
• 6fadfbe chore(release): 6.1.1
• 60508cf chore(deps): update
• 25e2668 chore(release): 6.1.0
• 6e22f6e test: fix
• 40fcde8 feat: pass immutable flag to asset info (#383)
• 718aef5 chore(deps): update (#375)
• Additional commits viewable in compare view

Updates html-loader from 0.5.5 to 4.2.0

Release notes

Sourced from html-loader's releases.

v4.2.0

4.2.0 (2022-09-22)

Features

• update html minifier (#462) (27a6caf)

v4.1.0

4.1.0 (2022-07-11)

Features

• added the scriptingEnabled option (#448) (6ed9f9c)

v4.0.0

4.0.0 (2022-06-15)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0
• update parse5 to 7.0.0

Bug Fixes

• handle text with <script> in the script element (#444) (9949d82)

v3.1.2

Fix

• broken release

v3.1.0

3.1.0 (2022-01-08)

Features

• add possibility to extend default minimize options (#414) (0fa36af)

v3.0.1

3.0.1 (2021-11-02)

Bug Fixes

• context for loader without resource (#409) (eb08a58)
• handle attributes without tag (#410) (e5d5fd8)

... (truncated)

Changelog

Sourced from html-loader's changelog.

4.2.0 (2022-09-22)

Features

• update html minifier (#462) (27a6caf)

4.1.0 (2022-07-11)

Features

• added the scriptingEnabled option (#448) (6ed9f9c)

4.0.0 (2022-06-15)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0
• update parse5 to 7.0.0

Bug Fixes

• handle text with <script> in the script element (#444) (9949d82)

3.1.0 (2022-01-08)

Features

• add possibility to extend default minimize options (#414) (0fa36af)

3.0.1 (2021-11-02)

Bug Fixes

• context for loader without resource (#409) (eb08a58)
• handle attributes without tag (#410) (e5d5fd8)

3.0.0 (2021-10-21)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 12.13.0

Features

... (truncated)

Commits

• 17fbef3 chore(release): 4.2.0
• 27a6caf feat: update html minifier (#462)
• 01905ba chore: update commitlint action (#461)
• 37d2073 chore: run cancel workflow on pull request (#458)
• 7dd065c chore: update jest to the latest version (#457)
• 3ddf326 ci: update github workflow security permissions (#456)
• 2457eda chore: upgrade dependencies to the latest version (#455)
• 3ea5738 ci: add job to cancel previous runs (#454)
• 33cc6d0 chore: update dependencies to the latest version (#453)
• e81a944 ci: add GitHub token permissions for workflow (#450)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for html-loader since your current version.

Updates sass-loader from 8.0.0 to 13.2.0

Release notes

Sourced from sass-loader's releases.

v13.2.0

13.2.0 (2022-11-09)

Features

• add support for node-sass v8 (#1100) (e5581b7)

v13.1.0

13.1.0 (2022-10-06)

Features

• allow to extend conditionNames (#1092) (6e02c64)

v13.0.2

13.0.2 (2022-06-27)

Bug Fixes

• hide error stacktrace on Sass errors (#1069) (5e6a61b)

v13.0.1

13.0.1 (2022-06-24)

Bug Fixes

• optimize debug message formatting, #1065 (#1066) (49a578a)

v13.0.0

13.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0 (#1048)
• emit @warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

Bug Fixes

• do not crash on importers for modern API (#1052) (095814e)
• do not store original sass error in webpack error(#1053) (06d7533)

v12.6.0

12.6.0 (2022-02-15)

... (truncated)

Changelog

Sourced from sass-loader's changelog.

13.2.0 (2022-11-09)

Features

• add support for node-sass v8 (#1100) (e5581b7)

13.1.0 (2022-10-06)

Features

• allow to extend conditionNames (#1092) (6e02c64)

13.0.2 (2022-06-27)

Bug Fixes

• hide error stacktrace on Sass errors (#1069) (5e6a61b)

13.0.1 (2022-06-24)

Bug Fixes

• optimize debug message formatting, #1065 (#1066) (49a578a)

13.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0 (#1048)
• emit @warn at-rules as webpack warnings by default, if you want to revert behavior please use the warnRuleAsWarning option (#1054) (58ffb68)

Bug Fixes

• do not crash on importers for modern API (#1052) (095814e)
• do not store original sass error in webpack error(#1053) (06d7533)

12.6.0 (2022-02-15)

Features

• added support for automatic loading of sass-embedded (#1025) (c8dae87)

12.5.0 (2022-02-14)

... (truncated)

Commits

• e8fbc79 chore(release): 13.2.0
• e5581b7 feat: add support for node-sass v8 (#1100)
• acb3ce0 chore(deps): bump loader-utils from 2.0.2 to 2.0.3 (#1099)
• 1cdea4e chore: update dependencies to the latest version (#1098)
• 094a303 docs: update cla link (#1096)
• c32f63a ci: add dependency review action (#1094)
• b31751d chore(release): 13.1.0
• 6e02c64 feat: allow to extend conditionNames (#1092)
• edab08f chore: update dependencies to the latest version (#1093)
• 3a34fef chore: update commitlint action (#1091)
• Additional commits viewable in compare view

Updates style-loader from 1.0.0 to 1.3.0

Release notes

Sourced from style-loader's releases.

v1.3.0

1.3.0 (2020-10-03)

Features

• added modules.namedExport (#485) (15889db)

Bug Fixes

• check if btoa exists for old IE versions (#479) (732ef8b)
• esModule option issue (#476) (c623f27)

v1.2.1

1.2.1 (2020-04-28)

Bug Fixes

• hot module replacement logic for lazy type (#468) (88a5c2b)

v1.2.0

1.2.0 (2020-04-24)

Features

• hot module replacement for css modules (6d14e0a)

v1.1.4

1.1.4 (2020-04-15)

Chore

• update deps

v1.1.3

1.1.3 (2020-01-17)

Bug Fixes

• injection algorithm (#456) (236b243)

v1.1.2

1.1.2 (2019-12-25)

Bug Fixes

... (truncated)

Changelog

Sourced from style-loader's changelog.

1.3.0 (2020-10-03)

Features

• added modules.namedExport (#485) (15889db)

Bug Fixes

• check if btoa exists for old IE versions (#479) (732ef8b)
• esModule option issue (#476) (c623f27)

1.2.1 (2020-04-28)

Bug Fixes

• hot module replacement logic for lazy type (#468) (88a5c2b)

1.2.0 (2020-04-24)

Features

• hot module replacement for css modules (6d14e0a)

1.1.4 (2020-04-15)

Chore

• update deps

1.1.3 (2020-01-17)

Bug Fixes

• injection algorithm (#456) (236b243)

1.1.2 (2019-12-25)

Bug Fixes

• algorithm for importing modules (#449) (91ceaf2)
• checking that the list of modules is an array (#448) (1138ed7)

1.1.1 (2019-12-20)

... (truncated)

Commits

• e288500 chore(release): 1.3.0
• bed760f revert: node bump (#486)
• 15889db feat: added modules.namedExport (#485)
• 6e54e4f chore(deps): update
• 732ef8b fix: check if 'btoa' exists for old IE versions (#479)
• c623f27 fix: esModule option issue (#476)
• ae7d211 docs: fix typo for esModule (#473)
• b76cb97 chore: update Node.js required version (#474)
• 5520e68 chore(release): 1.2.1
• 88a5c2b fix: hot module replacement logic for lazy type (#468)
• Additional commits viewable in compare view

Updates webextension-toolbox from 3.0.0 to 4.0.3

Release notes

Sourced from webextension-toolbox's releases.

v4.0.3

• Merge pull request #494 from balcsida/bump-plugin 0480141
• Bump webpack-webextension-plugin aca3298
• Merge pull request #483 from webextension-toolbox/dependabot/npm_and_yarn/commander-8.0.0 56b8473
• Bump commander from 8.0.0-2 to 8.0.0 19f8ebb
• Merge pull request #492 from webextension-toolbox/dependabot/npm_and_yarn/core-js-3.15.2 ce8444b
• Merge pull request #493 from webextension-toolbox/dependabot/npm_and_yarn/webpack-5.42.0 4c8f497
• Merge pull request #488 from webextension-toolbox/dependabot/npm_and_yarn/string-replace-loader-3.0.3 51bf23e
• Bump webpack from 5.40.0 to 5.42.0 d3ea350
• Bump string-replace-loader from 3.0.2 to 3.0.3 d613295
• Bump core-js from 3.15.0 to 3.15.2 ba85193
• Merge pull request #485 from balcsida/ghactions/nodeci 4ad6afe
• Merge pull request #487 from webextension-toolbox/dependabot/npm_and_yarn/copy-webpack-plugin-9.0.1 297b9fb
• Bump copy-webpack-plugin from 9.0.0 to 9.0.1 e428f27
• Use Latest version of setup-node 894261d

https://github.com/webextension-toolbox/webextension-toolbox/compare/v4.0.2...v4.0.3

v4.0.2

• Merge pull request #486 from balcsida/bump_version f9b3933
• Bump webpack-webextension-plugin and node versions a0a025d
• Add version to example extension f50bdc7

https://github.com/webextension-toolbox/webextension-toolbox/compare/v4.0.1...v4.0.2

v4.0.1

• Fix a small issue with package-lock.json not working on Node 12.x

v4.0.0

Thanks for bearing with me, folks!

Changes

• All dependencies are now the latest and greatest - including Webpack, which was bumped from 2.6.1 to 5.40.0. As these dependency updates can introduce breaking changes for certain workflows, that's why the major version got bumped (v3.0.0 to v4.0.0)
• Edge is now Chromium - so it should get the polyfills automatically (kudos to @​fapdash for this)

Backstage

• All CI is now GitHub Actions
• Dependabot keeps us up to date
• Dropped Nodejs v10.x support, picked up v16.x
• Thanks to @​dotproto we now have a cleaner README

Changelog

Sourced from webextension-toolbox's changelog.

[4.0.3] - 2021-07-05

Changed

• Merge pull request #494 from balcsida/bump-plugin 0480141
• Bump webpack-webextension-plugin aca3298
• Merge pull request #483 from webextension-toolbox/dependabot/npm_and_yarn/commander-8.0.0 56b8473
• Bump commander from 8.0.0-2 to 8.0.0 19f8ebb
• Merge pull request #492 from webextension-toolbox/dependabot/npm_and_yarn/core-js-3.15.2 ce8444b
• Merge pull request #493 from webextension-toolbox/dependabot/npm_and_yarn/webpack-5.42.0 4c8f497
• Merge pull request #488 from webextension-toolbox/dependabot/npm_and_yarn/string-replace-loader-3.0.3 51bf23e
• Bump webpack from 5.40.0 to 5.42.0 d3ea350
• Bump string-replace-loader from 3.0.2 to 3.0.3 d613295
• Bump core-js from 3.15.0 to 3.15.2 ba85193
• Merge pull request #485 from balcsida/ghactions/nodeci 4ad6afe
• Merge pull request #487 from webextension-toolbox/dependabot/npm_and_yarn/copy-webpack-plugin-9.0.1 297b9fb
• Bump copy-webpack-plugin from 9.0.0 to 9.0.1 e428f27
• Use Latest version of setup-node 894261d

[4.0.2] - 2021-06-27

Changed

• Merge pull request #486 from balcsida/bump_version f9b3933
• Bump webpack-webextension-plugin and node versions a0a025d
• Add version to example extension f50bdc7

[4.0.1] - 2021-06-22

Changed

• Fix a small issue with package-lock.json not working on Node 12.x

[4.0.0] - 2021-06-22

Changed

• All dependencies are now the latest and greatest - including Webpack, which was bumped from 2.6.1 to 5.40.0. As these dependency updates can introduce breaking changes for certain workflows, that's why the major version got bumped (v3.0.0 to v4.0.0)
• Edge is now Chromium - so it should get the polyfills automatically (kudos to @​fapdash for this)
• All CI is now GitHub Actions
• Dependabot keeps us up to date
• Dropped Nodejs v10.x support, picked up v16.x
• Thanks to @​dotproto we now have a cleaner README

Commits

• 77acf7e 4.0.3
• 0480141 Merge pull request #494 from balcsida/bump-plugin
• aca3298 Bump webpack-webextension-plugin
• 56b8473 Merge pull request #483 from webextension-toolbox/dependabot/npm_and_yarn/com...
• 19f8ebb Bump commander from 8.0.0-2 to 8.0.0
• ce8444b Merge pull request #492 from webextension-toolbox/dependabot/npm_and_yarn/cor...
• 4c8f497 Merge pull request #493 from webextension-toolbox/dependabot/npm_and_yarn/web...
• 51bf23e Merge pull request #488 from webextension-toolbox/dependabot/npm_and_yarn/str...
• d3ea350 Bump webpack from 5.40.0 to 5.42.0
• d613295 Bump string-replace-loader from 3.0.2 to 3.0.3
• Additional commits viewable in compare view

Updates webpack from 4.44.2 to 5.75.0

Release notes

Sourced from webpack's releases.

v5.75.0

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

... (truncated)

Commits

• 8241da7 5.75.0
• a91d923 Merge pull request #16458 from webpack/bugfix/semi
• 4608b11 Merge pull request #16457 from webpack/tooling/update
• dfdd0b0 Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback
• 23b9a1c Merge pull request #16167 from exposir/fixts
• 6f2c5e8 Merge pull request #16257 from alexzhang1030/calc_deterministic_verbose
• f7f36ad Merge pull request #16339 from Liamolucko/wasm-i64
• 761a542 fix semicolon position
• 2403a36 Merge pull request #16345 from ahabhgk/fix-eval-nosources
• c18203c update tooling
• Additional commits viewable in