[Snyk] Fix for 10 vulnerabilities #31

snyk-bot · 2022-09-26T12:28:05Z

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SCSSTOKENIZER-2339884	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 67 commits.

634ab49 chore(release): 2.0.0
6ade2d0 refactor: remove unused file (#860)
e7525c9 test: nested url (#859)
7259faa test: css hacks (#858)
5e6034c feat: allow to filter import at-rules (#857)
5e702e7 feat: allow filtering urls (#856)
9642aa5 test: css stuff (#855)
3338656 fix: reduce number of require for url (#854)
533abbe test: issue 636 (#853)
08c551c refactor: better warning on invalid url resolution (#852)
b0aa159 test: issue #589 (#851)
f599c70 fix: broken unucode characters (#850)
1e551f3 test: issue 286 (#849)
419d27b docs: improve readme (#848)
d94a698 refactor: webpack-default (#847)
b97d997 feat: schema options
453248f fix: support module resolution in composes (#845)
8a6ea10 refactor: postcss plugins (#844)
fdcf687 fix: url resolving logic (#843)
889dc7f feat: allow to disable css modules and disable their by default (#842)
ee2d253 test: importLoaders option (#841)
1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
fe94ebc test: icss reserved keywords (#839)
9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

Package name: node-sass

The new version differs by 90 commits.

3b556c1 7.0.2
c716359 Bump sass-graph@^4.0.1 (#3292)
24741b3 docs(readme): fix docpad plugin link
1523330 feat: Drop Node 12
365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
1456114 build(deps): bump actions/upload-artifact from 2 to 3
b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
29e2344 build(deps): bump actions/checkout from 2 to 3
85b0d22 build(deps): bump actions/setup-node from 2 to 3
3bb51da Use make-fetch-happen instead of request (#3193)
adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
77d12f0 chore: disable Apline for Node 16/17 builds
308d533 ci: use Python 3 for Node 12
c818907 ci: unpin actions/setup-node to v2
99242d7 7.0.1
77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
918dcb3 Lint fix
0a21792 Set rejectUnauthorized to true by default (#3149)
e80d4af chore: Drop EOL Node 15 (#3122)
d753397 feat: Add Node 17 support (#3195)
dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0