Open snyk-bot opened 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
SNYK-JS-JSON5-3182856
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: file-loader
The new version differs by 28 commits.- e44eb73 chore(release): 6.0.0
- ad39022 chore(deps): update (#369)
- e1fe27c docs: update README.md (#368)
- c2aded7 chore(release): 5.1.0
- cd8698b feat: support the `query` template for the `name` option (#366)
- 5703c58 chore(deps): update (#365)
- 521bff2 chore: remove duplicate prettier config file (#357)
- 5ffac2e refactor: added description on esModule (#358)
- 190829e docs: fix the description of the `esModule` option (#348)
- f1b071c chore(release): 5.0.2
- 6431101 chore: add the `funding` field in `package.json` (#347)
- 90302cd chore(release): 5.0.1
- 31d6589 fix: name of `esModule` option in source code (#346)
- 2a18cba chore(release): 5.0.0
- 98a6c1d refactor: next (#345)
- 0df6c8d chore(release): 4.3.0
- a2f5faf refactor: code (#344)
- 9b9cd8d feat: new options flag to output ES2015 modules (#340)
- ba0fd4c chore(release): 4.2.0
- 642ee74 docs: improve readme (#341)
- c136f44 feat: `postTransformPublicPath` option (#334)
- d441daa chore(release): 4.1.0
- 705eed4 feat: improved validation error messages (#339)
- d016daa chore(release): 4.0.0
See the full diffPackage name: styled-jsx
The new version differs by 70 commits.- 13bd38d docs: update issue template
- 75ee544 docs: add changelog and update readme (#775)
- 104ab76 docs: update ssr and nextjs (#771)
- 36fe10a perf: Pre-compile dependencies to reduce install size/time (#770)
- b7832e9 perf: fallback to module level registry in browser (#768)
- 9956457 doc: update issue template asking for nextjs version (#765)
- b67b0d9 fix: use string for nonce typing (#766)
- d43074f fix: typo acceps -> accepts (#760)
- 9951745 typing: return JSX.Element for registry.styles (#759)
- 6e224a9 feat: opt in insertion effect hook when available (#753)
- dcadf5d fix: Make `JSXStyle` return a noop if the registry context is not provided (#749)
- 174a186 chore: setup beta release
- 45753c3 fix: zeit -> vercel (#746)
- 48faf00 feat: contextual styles (#744)
- 8b585d5 chore: update npm token (#743)
- 69a76f2 fix: mark @ babel/core as optional peer dependency (#739)
- 2a1bb87 chore: format files with prettier (#740)
- 2428d38 test: remove broken test input (#738)
- 8f4404a chore: use modern eslint and limit engines (#735)
- 7c04667 docs: remove old Spectrum link from the README (#734)
- d591ce2 perf: drop babel 6 support (#730)
- 48a2599 feat: use react hooks to manage styles injection (#720)
- b7f7dc3 chore: auto publish when merging to alpha (#727)
- 452d2e8 fix: update test snapshots (#729)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Prototype Pollution