[Snyk] Fix for 1 vulnerabilities

[bizoton19]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 250 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (#1209)
• 7bfe85d chore(deps): update (#1208)
• b5c9379 feat: postcss@8 (#1204)
• 92fe103 docs: context is localIdentContext in README (#1202)
• e5a9272 chore(deps): update (#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (#1196)
• dd52931 feat: hide warning on no plugins (#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (#1180)
• ec58a7c feat: the `importLoaders` can be `string` (#1178)
• df490c7 test: sass-loader next (#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (#1176)
• 4ce556a docs: fix type (#1174)

See the full diff

Package name: cssnano

The new version differs by 250 commits.

• 0e2c3bf Merge pull request #1043 from cssnano/fix-svg-warnings
• 7ae1cf7 fix(postcss-svgo): fix processing declaration mixing svg and non svg
• 747f16c Merge pull request #1039 from cssnano/v5
• ac2dbc7 Publish
• 53a5d66 Merge pull request #1034 from cssnano/silence-cve-alerts
• fc8a52a refactor(postcss-svgo): always warn on invalid SVG
• 22d2a18 refactor: remove is-svg dependency
• 60d107b Merge pull request #1017 from cssnano/5.0.0-rc2
• 5ba19ca Publish
• 4218332 Merge pull request #1016 from cssnano/update-svgo
• dbc08bf test: update SVG output in framework tests
• aa07cfd fix: update SVGO
• c4a4f69 Merge pull request #1014 from cssnano/fix-babel-deps
• d8bcfb6 chore: regenerate yarn.lock and update all deps
• 1ae7022 Merge pull request #1011 from cssnano/update-node-target
• b521501 chore: update Babel and Babel config
• b6e7f2b chore: transpile only for supported Node.js versions
• 80dd2e3 Merge pull request #1010 from cssnano/update-lerna
• 618b170 chore: update lerna to latest major
• 114efb0 Merge pull request #1008 from cssnano/5.0.0-rc1
• 58fa95f Publish
• 752a270 fix(cssnano-utils): get rid of deprecation warning
• 600b30f docs: add release instructions (#1001)
• 815be8e Merge pull request #998 from cssnano/5.0.0

See the full diff

Package name: gulp-postcss

The new version differs by 23 commits.

• 94170d6 Release 9.0.0
• f3751c8 Merge pull request #162 from m4thieulavoie/chore/postcss-major-bump
• c0519ac fix: changing node versions
• 0a013d0 fix: added postcss in devDependencies for testing
• 00698a5 Merge pull request #164 from alkorlos/refactor-readme-pcss-extension
• c27fd58 chore: bump postcss-load-config version
• dd4c4e9 (md) update: readmy using with .pcss extension
• 12281d3 docs: pr comments
• 1822c0f docs: updated docs
• 5c04694 fix: moved to peer deps
• 2ab04af chore: bump postcss version to 8
• 5f92ee0 Merge pull request #158 from fredrikpaues/patch-1
• 5edc4aa No `eachDecl` method
• 7e388ec Update README.md: Use SVG badges for readability
• b786700 Update dependencies
• 90a1206 Merge pull request #152 from ZeeCoder/small-updates
• 6adfc53 Fixed deprecations
• d1197f8 Release 8.0.0
• 5a70984 Bump the dependencies
• 71265a8 Merge pull request #145 from gisu/master
• 31de6e9 Dropped Node 4 Support
• d4f2398 Updated Dependencies
• 3a87a1c Update README.md

See the full diff

Package name: postcss-import

The new version differs by 39 commits.

• 7cdbb2b 13.0.0
• a189892 Update dependency sugarss to v3 (#433)
• 64d57af Update dependency postcss-scss to v3 (#431)
• 4fb6746 Update dependency postcss-value-parser to v4 (#423)
• 19632bc Update dependency prettier to v2 (#419)
• c5679db Add support for postcss v8 (#432)
• d288ea3 BREAKING: Require Node 10 or later; update CI config (#429)
• 21ad9eb Configure Renovate (#411)
• 614fb64 Fix linting
• 3a7f728 Update prettier to version 1.19.1 (#408)
• 7680182 Update prettier to version 1.18.0 (#398)
• 25013d6 chore(package): update prettier to version 1.17.0 (#393)
• 87f4320 Update eslint-plugin-import to version 2.17.1 (#395)
• 56516e7 Actually fix sourcmap test
• 93b7af8 Fix sourcemap tests
• d68f50a Update ava to version 1.0.1 (#384)
• 00e2d03 Update LICENSE (#383)
• eb7ff85 Update prettier to version 1.15.0 (#382)
• 397cc44 12.0.1
• 67f4553 Set plugin property on dependency messages (#380)
• f98dd1a Update eslint-plugin-prettier to version 3.0.0 (#377)
• 85c7e6a Update sugarss to version 2.0.0 (#375)
• a9a7ab2 Loosen prettier dependency to use ~ instead of pinning versions
• 20dd08f Remove npmpub; doesn't work with npm 2FA --otp

See the full diff

Package name: postcss-loader

The new version differs by 69 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (#470)
• 77449e1 test: union (#469)
• 9b75888 feat: reuse AST from other loaders (#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (#467)
• 225b2e5 refactor: do not validate `postcss` options (#466)
• 3d32c35 fix: `default` export for plugins (#465)
• 38ebe08 refactor: `execute` option (#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (#460)
• 475278c chore: move `postcss` to `peerDependencies` (#459)
• 98441ff fix: respect the `map` option and source maps (#458)
• ba88040 refactor: do not pass meta from other loaders (#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
• d8d84f7 refactor: code (#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (#451)
• 60e4f12 docs: addDependency (#448)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation