[Snyk] Fix for 1 vulnerabilities

[dineshvgp]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: coffee-loader

The new version differs by 26 commits.

• 9fbd029 chore(release): 1.0.0
• 4b1420a feat: bare option ([Snyk] Security upgrade cerebral-module-http from 0.1.1 to 0.4.0 #71)
• e986115 docs: literate CoffeeScript ([Snyk] Security upgrade cerebral-module-http from 0.1.1 to 0.4.0 #70)
• 67b88d8 test: improve
• e782916 refactor: next
• fff0e7a docs(README): update `coffeescript.org` url to use https ([Snyk] Security upgrade vue-style-loader from 1.0.0 to 2.0.1 #63)
• 3b9b0cf docs(README): remove `sourceMap` reference (`options.sourceMap`) ([Snyk] Fix for 1 vulnerabilities #50)
• fc0d9aa chore(release): 0.9.0
• abaf498 feat: add `transpile` option (`options.transpile`) ([Snyk] Security upgrade cerebral-module-http from 0.1.1 to 0.4.0 #47)
• 995e7b8 chore: Removes header duplication from changelog
• 4f2d339 chore(release): 0.8.0
• cb24882 chore: fix release script
• a84b639 chore: Add homepage field to pacakge
• 0b69430 chore: Adds release script
• 74ca767 chore: Adds release tooling & formats license field
• 6f6dded docs(README): explain what the loader does ([Snyk] Security upgrade ws from 1.1.5 to 7.4.6 #38)
• e5c24cc feat: add support for coffeescript 2 dependency ([Snyk] Security upgrade cerebral-module-http from 0.1.1 to 0.4.0 #30)
• 69ebdf4 fix([Snyk] Security upgrade htmlhint from 0.9.13 to 0.10.0 #25): fix coffee-script dependency version (@ jacobthemyth)
• e7a1539 chore(release): coffee-loader v0.7.3
• 4e6b430 fix(getOptions): deprecation warn in loaderUtils ([Snyk] Security upgrade htmlhint from 0.9.13 to 0.10.0 #28)
• 420e07f docs(README): add JSF Maintainers
• ad86c10 docs(README): refactor for webpack v2
• 9a7ae26 docs(LICENSE): add JSF License
• 9d564d6 Update README to use -loader suffix to support webpack 2

See the full diff

Package name: css-loader

The new version differs by 250 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (#1126)
• 791fff3 refactor: named export (#1125)
• 01e8c76 refactor: change function arguments of the `import` option (#1124)
• c153fe6 refactor: improve schema options (#1123)
• 58b4b98 test: unresolved (#1122)
• d2f6bd2 refactor: getLocalIdent function (#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (#1114)
• 908ecee refactor: `esModule` option is `true` by default (#1111)
• 7cca035 test: coverange (#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: imports-loader

The new version differs by 29 commits.

• ebfc6ad chore(release): 1.0.0
• 574b5f6 refactor: `wrapper` option ([Snyk] Security upgrade ws from 1.1.5 to 8.17.1 #78)
• c7f8799 fix: respect 'use strict' ([Snyk] Fix for 1 vulnerabilities #77)
• 9e2cec4 refactor: code
• 7265bc8 refactor: options for commonjs
• bef708f refactor: code
• 754baa8 chore: defaults update ([Snyk] Security upgrade node-pre-gyp from 0.6.39 to 0.17.0 #73)
• 94fda1f ci: test Node.js 6, 8, 10 and 11 ([Snyk] Fix for 13 vulnerabilities #69)
• a3ac1c5 chore(release): 0.8.0
• bd999b4 chore(package): rm `yarn.lock`
• 7ac98f8 chore(package): update `source-map` v0.5.6...0.6.1 ([Snyk] Security upgrade vue-style-loader from 1.0.0 to 2.0.1 #59)
• abea1c2 docs(README): update to webpack 2 syntax ([Snyk] Fix for 1 vulnerabilities #51)
• 8cffbbb docs(README): link to webpack 2 docs ([Snyk] Security upgrade cerebral-module-http from 0.1.1 to 0.4.0 #49)
• 44d6f48 feat: allow loading nested objects onto existing libraries ([Snyk] Fix for 1 vulnerabilities #45)
• 3c8b7f2 chore(release): imports-loader v0.7.1
• 2be21e4 ci(Travis): update to contrib standard build ([Snyk] Security upgrade node-pre-gyp from 0.6.39 to 0.8.0 #42)
• 7129a27 fix(getOptions): deprecation warn in loaderUtils ([Snyk] Security upgrade node-sass from 3.13.1 to 5.0.0 #41)
• 0e14835 Merge pull request [Snyk] Fix for 2 vulnerabilities #40 from webpack-contrib/d3viant0ne-JSFMaintainers
• cac3c87 docs(readme): updates for JSF maintainers
• 1867023 0.7.0
• 7c03b4d add license file
• 6f422ef only include index file in npm package
• 1eb9dbe update source-map dep
• 77fed5b add travis

See the full diff

Package name: less-loader

The new version differs by 155 commits.

• 73740a8 chore(release): 6.0.0
• 4579dfb refactor: code (#349)
• 1aff534 refactor: code
• 3931470 feat: `paths` now works with webpack resolver
• cecf183 test: appendData prependData, when they are string (#345)
• a1cf249 refactor: moving processResult in index (#344)
• bffbc5e refactor: import from scoped npm packages (#343)
• b04cb0d test: import through plugin (#341)
• 221714b test: import nested (#342)
• 443bd5a refactor: first resolve filename in less, then in webpack (#340)
• 82cb6a7 chore(deps): update
• d7590b5 refactor: deleting a mention about less2 (#337)
• fb94605 feat: added the `appendData` option (#336)
• 24021cd fix: import alias without tilde (#335)
• 4604f20 test: import files hosted remotely (#334)
• 8e020e9 fix: import files hosted remotely (#333)
• cfeccd5 chore: drop less@2 (#331)
• 4f894bc test: fixes (#330)
• 9df8755 feat: allow data to be prepended via `options.prependData` (#327)
• ce03da9 docs: add example for `lessOptions` using a function (#326)
• a6be94a feat: allow a function to be used for `lessOptions` (#325)
• cdb611f chore: update README with examples, change lessOptions to only allow objects (#324)
• 6fc1392 chore: remove `pify` in favour of `util.promisify` (#323)
• fed50ba chore: remove sync check (#322)

See the full diff

Package name: sass-loader

The new version differs by 250 commits.

• 45bd865 chore(release): 9.0.0
• 0629915 refactor: code before release
• c11478d test: ambiguous imports (#855)
• 73009fd docs: yarn pnp + using `dart-sass` by default (#854)
• d487683 feat: pass the loader context to custom importers under `this.webpackLoaderContext` property (#853)
• b3ffd5b test: resolution logic (#852)
• 3abe3f5 fix: resolution logic
• 20b7a11 docs: fix link for prependData (#847)
• 006c02e refactor: code
• 2a18d5b ci: node@14 (#842)
• 17832fd fix: resolution for `file` scheme
• 744112d fix: perf (#840)
• aeb86f0 fix: resolution logic (#839)
• 7380b7b fix: resolution logic (#838)
• 0c8d3b3 feat: support `process.cwd()` resolution (#837)
• 8376179 feat: support SASS-PATH env variable (#836)
• ddeff88 test: refactor (#835)
• 24c852a docs: options table (#834)
• f892eba refactor: code (#833)
• 68dd278 fix: avoid different content on different os (#832)
• 1655baf fix: resolution logic (#831)
• fe3b33b fix: resolution logic (#830)
• 41e0e45 test: foundation-sites (#829)
• a3dec34 chore: minimum supported Nodejs version is `10.13` (#828)

See the full diff

Package name: style-loader

The new version differs by 165 commits.

• 171a747 chore(release): 1.1.4
• af1b4a9 chore(deps): update
• a003f05 docs: add links for the options table (#460)
• 2756e03 chore(release): 1.1.3
• 236b243 fix: injection algorithm (#456)
• 36bd8f1 docs: fix typos (#453)
• de38c39 chore(release): 1.1.2
• 91ceaf2 fix: algorithm for importing modules (#449)
• 1138ed7 fix: checking that the list of modules is an array (#448)
• aa418dd chore(release): 1.1.1
• 7ee8b04 fix: add empty default export for `linkTag` value
• c69ea6c chore(release): 1.1.0
• c7d6e3a fix: order of imported styles (#443)
• a283b30 test: more manual test (#442)
• 3415266 feat: `esModule` option (#441)
• 907aed8 test: refactor (#440)
• 28e1628 refactor: code (#438)
• 5c51b90 refactor: cjs (#437)
• 609263a test: refactor
• 7768fce chore(release): 1.0.2
• dcbfadb fix: support ES module syntax (#435)
• d515edc chore(deps): update (#434)
• 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (#432)
• c6164d5 chore(release): 1.0.1

See the full diff

Package name: ts-loader

The new version differs by 250 commits.

• 268bc69 chore(deps): upgrade most production deps (#1237)
• e160564 Add a cache to file path mapping (#1228)
• 14fa3f8 Add documentation about performance profiling (#1230)
• 3cc78b8 Fix typo in README.md (#1229)
• 8f2a509 Add documentation for the useCaseSensitiveFileNames option (#1227)
• 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (#1217)
• 172ebeb Feature/typescript 4 1 (#1213)
• 0816fe9 Add peer dependencies for Yarn PnP (#1209)
• 4909d99 Fixed missing errors in watch mode in webpack5 (#1208)
• 3f73e98 Fix failed builds when using thread-loader (#1207)
• e90f8ad Fix memory leak when using multiple webpack instances (#1205)
• 95050eb Speeds up project reference build and doesnt store the result in memory (#1202)
• f99c7c4 doc: escape pipe in table (#1201)
• 0b4a86d Replace afterCompile to stop webpack 5 warning (#1200)
• 6d8d601 Fixed deprecation warnings on webpack@5. (#1195)
• cafc933 Fix installation link on README.md (#1192)
• f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (#1182)
• 0767bce add github action status badge (#1190)
• db5ea55 Feature/upgrade testpack to ts4 (#1189)
• 95b6fe8 Uses existing instance if config file is same as already built solution (#1177)
• b38678a Update minimum compiler version to 3.6.3 (#1188)
• f8eba53 Add documentation and example code for projectReferences (#1184)
• 46d9761 Update docs to show transpileOnly does not affect project references (#1175)
• 0e64ceb Fix getOptionsHash when two options has different props but same values. (#1170)

See the full diff

Package name: url-loader

The new version differs by 69 commits.

• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on `mime-types` package (I seem to have broken webpack-bin! christianalfoni/webpack-bin#209)
• f13757a chore(deps): update (Cannot find configured dependency christianalfoni/webpack-bin#208)
• a2f127d fix: description on the `esModule` option (Updated to add babel-core to depLoaders christianalfoni/webpack-bin#204)
• 4301f87 chore(release): 3.0.0
• 3f0bbc5 refactor: next ([ERROR]: Create css/file.css christianalfoni/webpack-bin#198)
• 2451157 chore(release): 2.3.0
• 0ee2b99 feat: new `esModules` option to output ES modules
• cbd1950 chore(release): 2.2.0
• 196110e fix: yarn pnp support ([Enhancement] Rename filename christianalfoni/webpack-bin#195)
• 9431124 docs: improve documentation about `fallback` ([Enhancement] Add Project Tree christianalfoni/webpack-bin#194)
• a251a23 chore(deps): update (downloaded bin require manual npm i babel-core  christianalfoni/webpack-bin#193)
• 2bffcfd fix: limit must allow infinity and max value (Ability to add special webpack configuration options christianalfoni/webpack-bin#192)
• 1b9dbd1 chore(release): 2.1.0
• f3d4dd2 feat: improved validation error messages (Problem with usage of Minified version of React ? christianalfoni/webpack-bin#187)
• 37c6acc chore(release): 2.0.1
• 4842f93 fix: allow using limit as string when you use loader with query string (Alert when closing tab christianalfoni/webpack-bin#185)
• c0341da chore(defaults): update (VueJS 2.0 christianalfoni/webpack-bin#184)
• 78833ac chore(release): 2.0.0
• 4386b3e chore(deps): update (how to import 'material-ui/Table' or 'material-ui/Style' ? christianalfoni/webpack-bin#182)
• 60d2cb3 feat: limit option can be boolean (Link to file christianalfoni/webpack-bin#181)
• d82e453 fix: `limit` should always be a number and 0 value handles as number (Specifying codemirror version to prevent breaking change christianalfoni/webpack-bin#180)
• 3c24545 fix: fallback loader will be used than limit is equal or greater (codemirror 5.18.0 has breaking changes, must limit to 5.17.0 christianalfoni/webpack-bin#179)
• a6705cc test: test svg scenario. Angular 2.0.2 (final) bin christianalfoni/webpack-bin#176 (How to import Material UI icons christianalfoni/webpack-bin#177)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution