twilio / twilio-voice-notification-app

Reference app built in ReactJS that demonstrates how to leverage Twilio Programmable Voice and Twilio SDKs to create a voice notification system.
Apache License 2.0
36 stars 26 forks source link

[Snyk] Security upgrade css-loader from 3.6.0 to 5.0.0 #68

Closed twilio-product-security closed 2 years ago

twilio-product-security commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1090595
Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 76 commits.
  • 1351e3a chore(release): 5.0.0
  • 747d62b feat: allow named exports to have underscores in names (#1209)
  • 7bfe85d chore(deps): update (#1208)
  • b5c9379 feat: postcss@8 (#1204)
  • 92fe103 docs: context is localIdentContext in README (#1202)
  • e5a9272 chore(deps): update (#1203)
  • 63b41be refactor: emoji deprecate
  • 9f974be feat: reduce runtime
  • d779eb1 feat: escape getLocalIdent by default (#1196)
  • dd52931 feat: hide warning on no plugins (#1195)
  • 52412f6 feat: improve error message
  • 0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
  • 2f1573f feat: auto enable icss modules
  • df111b8 test: import with file protocol
  • cfe669f refactor: remove icss option (#1189)
  • 57eb505 chore(release): 4.3.0
  • 3ddcc7b chore(deps): update deps (#1186)
  • 88b8ddc fix: line breaks in `url` function
  • 8b865fe test: source map (#1180)
  • ec58a7c feat: the `importLoaders` can be `string` (#1178)
  • df490c7 test: sass-loader next (#1177)
  • 26a3062 chore(release): 4.2.2
  • e42f046 refactor: improve sources handling in source maps (#1176)
  • 4ce556a docs: fix type (#1174)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic