[Snyk] Security upgrade css-loader from 3.6.0 to 5.0.0 - Githubissues

danwdart / projectchaplin

Free and Open Source Video Sharing Platform

GNU Affero General Public License v3.0

24 stars 11 forks source link

[Snyk] Security upgrade css-loader from 3.6.0 to 5.0.0 #240

Closed snyk-bot closed 2 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- src/php/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 76 commits.

1351e3a chore(release): 5.0.0
747d62b feat: allow named exports to have underscores in names (#1209)
7bfe85d chore(deps): update (#1208)
b5c9379 feat: postcss@8 (#1204)
92fe103 docs: context is localIdentContext in README (#1202)
e5a9272 chore(deps): update (#1203)
63b41be refactor: emoji deprecate
9f974be feat: reduce runtime
d779eb1 feat: escape getLocalIdent by default (#1196)
dd52931 feat: hide warning on no plugins (#1195)
52412f6 feat: improve error message
0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
2f1573f feat: auto enable icss modules
df111b8 test: import with file protocol
cfe669f refactor: remove icss option (#1189)
57eb505 chore(release): 4.3.0
3ddcc7b chore(deps): update deps (#1186)
88b8ddc fix: line breaks in `url` function
8b865fe test: source map (#1180)
ec58a7c feat: the `importLoaders` can be `string` (#1178)
df490c7 test: sass-loader next (#1177)
26a3062 chore(release): 4.2.2
e42f046 refactor: improve sources handling in source maps (#1176)
4ce556a docs: fix type (#1174)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic