chore(deps): bump loader-utils and @symfony/webpack-encore

[dependabot[bot]]

Bumps loader-utils to 2.0.3 and updates ancestor dependency @symfony/webpack-encore. These dependencies need to be updated together.

Updates loader-utils from 1.2.3 to 2.0.3

Release notes

Sourced from loader-utils's releases.

v2.0.3

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

v2.0.2

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

v2.0.1

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

v2.0.0

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

v1.4.1

1.4.1 (2022-11-07)

Bug Fixes

• security problem (#220) (4504e34)

v1.4.0

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

... (truncated)

Changelog

Sourced from loader-utils's changelog.

2.0.3 (2022-10-20)

Bug Fixes

• security: prototype pollution exploit (#217) (a93cf6f)

2.0.2 (2021-11-04)

Bug Fixes

• base64 generation and unicode characters (#197) (8c2d24e)

2.0.1 (2021-10-29)

Bug Fixes

• md4 support on Node.js v17 (#193) (1069f61)

2.0.0 (2020-03-17)

⚠ BREAKING CHANGES

• minimum required Node.js version is 8.9.0 (#166) (c937e8c)
• the getOptions method returns empty object on empty query (#167) (b595cfb)
• Use md4 by default

1.4.0 (2020-02-19)

Features

• the resourceQuery is passed to the interpolateName method (#163) (cd0e428)

1.3.0 (2020-02-19)

Features

• support the [query] template for the interpolatedName method (#162) (469eeba)

... (truncated)

Commits

• 7162619 chore(release): 2.0.3
• a93cf6f fix(security): prototype polution exploit (#217)
• 90c7c4b chore(release): 2.0.2
• 8c2d24e fix: base64 generation and unicode characters (#197)
• 5fb5562 chore(release): 2.0.1
• 1069f61 fix: md4 support on Node.js v17 (#193)
• d9f4e23 chore(release): 2.0.0
• 865dc03 refactor: switch to md4 by default (#168)
• b595cfb refactor: the getOptions method returns empty object on empty query (#167)
• c937e8c chore: minimum required Node.js version is 8.9.0 (#166)
• Additional commits viewable in compare view

Updates @symfony/webpack-encore from 0.33.0 to 4.1.1

Release notes

Sourced from @​symfony/webpack-encore's releases.

Fixing version typo in 4.1.0

Hey packagers!

A tiny release to fix a typo in 4.1.0 that made the package uninstallable.

Upgrading

Run:

npm install "@symfony/webpack-encore@^4.1.1" --save-dev
Or:
yarn upgrade "@​symfony/webpack-encore@^4.1.1"

Changes: v4.1.0..v4.1.1

Happy Packing!

Svelte Support and Vue 2 Support Fix

Hey packagers!

This release adds first-class support for Svelte and fixes Vue 2 support, which was accidentally lost in version 4.0.

Upgrading

Run:

npm install "@symfony/webpack-encore@^4.1.0" --save-dev
Or:
yarn upgrade "@​symfony/webpack-encore@^4.1.0"

Highlights

Features

• Add support for Svelte - #781 thanks to @​zairigimad

Bug Fixes

• Support for Vue 2 was accidentally dropped in 4.0.0, and was re-added - #1157 thanks to @​Kocal.

Changes: v4.0.0..v4.1.0

... (truncated)

Changelog

Sourced from @​symfony/webpack-encore's changelog.

CHANGELOG

v4.1.0

October 17th, 2022

Features

• Add support for Svelte - #781 thanks to @​zairigimad

Bug Fixes

• Support for Vue 2 was accidentally dropped in 4.0.0, and was re-added - #1157 thanks to @​Kocal.

v4.0.0

This major release makes Encore compatible with Yarn Plug'n'Play and pnpm.

BC Breaks

• The following dependencies must be added in your package.json: webpack webpack-cli @babel/core @babel/preset-env (#1142 and #1150):

npm install webpack webpack-cli @babel/core @babel/preset-env --save-dev
or via yarn
yarn add webpack webpack-cli @​babel/core @​babel/preset-env --dev

• The following dependencies must be removed from your package.json and Babel configuration: @babel/plugin-syntax-dynamic-import @babel/plugin-proposal-class-properties, since they are already included in @babel/preset-env (#1150):

npm remove @babel/plugin-syntax-dynamic-import @babel/plugin-proposal-class-properties
or via yarn
yarn remove @​babel/plugin-syntax-dynamic-import @​babel/plugin-proposal-class-properties

and remove it from your Encore configuration:

Encore.configureBabel((options) => {
-    config.plugins.push('@babel/plugin-proposal-class-properties');
+    
})

v3.1.0

August 24th, 2022

• Add vue 2.7 feature to allow dropping vue-template-compiler - #1134 thanks to @​billyct

... (truncated)

Commits

• b45a1c6 Tagging 4.1.1
• 1d54c54 bug #1160 fix(pkg): fix peerDependency constraints for vue and vue-loader (Ko...
• b0e9a3d fix(pkg): fix peerDependency constraints for vue and vue-loader
• d34dcbb 4.10 changelog
• a95b8b2 Tagging 4.1.0
• 2d94715 bug #1157 fix(peer-dependencies): re-allow Vue ^2.6 with Vue-loader ^15.0.11,...
• 36458e4 fix(peer-dependencies): re-allow Vue ^2.6 with Vue-loader ^15.0.11, close #1156
• f26aa6d feature #781 add svelte support to webpack encore (zairigimad, weaverryan)
• 9f6056b updating svelte and -loader versions
• 3799313 add functional test for svelte
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/koromerzhin/template-symfony/network/alerts).

[guardrails[bot]]

:warning: We detected 2 security issues in this pull request:

Vulnerable Libraries (2)

Severity | Details ----- | -------- High | [pkg:npm/express@4.18.2@4.18.2](https://github.com/koromerzhin/template-symfony/blob/61e9f680afc3e9070097386446efa1001238305f/package-lock.json#L19947) (t) - **no patch available** High | [ansi-regex@unknown](https://github.com/koromerzhin/template-symfony/blob/61e9f680afc3e9070097386446efa1001238305f/package-lock.json#L17018) (t) upgrade to: *3.0.0 || >4.1.0* More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr#).

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

[dependabot[bot]]

Superseded by #130.