Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #7

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #7

wants to merge 1 commit into from

Conversation

rajis7474
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Improper Input Validation
SNYK-JS-POSTCSS-5926692		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: css-loader The new version differs by 206 commits.
  • 1351e3a chore(release): 5.0.0
  • 747d62b feat: allow named exports to have underscores in names (#1209)
  • 7bfe85d chore(deps): update (#1208)
  • b5c9379 feat: postcss@8 (#1204)
  • 92fe103 docs: context is localIdentContext in README (#1202)
  • e5a9272 chore(deps): update (#1203)
  • 63b41be refactor: emoji deprecate
  • 9f974be feat: reduce runtime
  • d779eb1 feat: escape getLocalIdent by default (#1196)
  • dd52931 feat: hide warning on no plugins (#1195)
  • 52412f6 feat: improve error message
  • 0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
  • 2f1573f feat: auto enable icss modules
  • df111b8 test: import with file protocol
  • cfe669f refactor: remove icss option (#1189)
  • 57eb505 chore(release): 4.3.0
  • 3ddcc7b chore(deps): update deps (#1186)
  • 88b8ddc fix: line breaks in `url` function
  • 8b865fe test: source map (#1180)
  • ec58a7c feat: the `importLoaders` can be `string` (#1178)
  • df490c7 test: sass-loader next (#1177)
  • 26a3062 chore(release): 4.2.2
  • e42f046 refactor: improve sources handling in source maps (#1176)
  • 4ce556a docs: fix type (#1174)

See the full diff

Package name: postcss-loader The new version differs by 39 commits.
  • 792e217 chore(release): 4.0.0
  • 598f36d docs: improve readme
  • cad6f07 fix: avoid mutations of options and config (#470)
  • 77449e1 test: union (#469)
  • 9b75888 feat: reuse AST from other loaders (#468)
  • 5e4a77b fix: resolve `from` and `to` from config and options (#467)
  • 225b2e5 refactor: do not validate `postcss` options (#466)
  • 3d32c35 fix: `default` export for plugins (#465)
  • 38ebe08 refactor: `execute` option (#464)
  • d0ea725 refactor: config loading
  • 108d871 test: more
  • b4d3bcc chore: remove unnecessary dev deps (#460)
  • 475278c chore: move `postcss` to `peerDependencies` (#459)
  • 98441ff fix: respect the `map` option and source maps (#458)
  • ba88040 refactor: do not pass meta from other loaders (#457)
  • 25a16a0 refactor: source map code
  • 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
  • d8d84f7 refactor: code (#453)
  • 3cd85df refactor: code
  • 6eb44ed refactor: code
  • 53da71a refactor: sourcemap paths
  • d7bc470 feat: array syntax for plugins
  • 2cd7614 refactor: code (#451)
  • 60e4f12 docs: addDependency (#448)

See the full diff

Package name: stylelint The new version differs by 250 commits.
  • 060310c 14.0.0
  • ff4a1ef Prepare CHANGELOG
  • 8d2f6e1 Bump postcss (#5619)
  • f552608 Merge pull request #5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
  • 7ed17ad Bump husky from 7.0.2 to 7.0.4
  • 4d9f75e Merge pull request #5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
  • bc9dd0b Bump jest from 27.2.5 to 27.3.1
  • 82e2507 Merge pull request #5604 from stylelint/v14
  • 16d259f Update CHANGELOG.md
  • 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (#5613)
  • 8dca498 Show more info in missing customSyntax warning (#5611)
  • 2eee0a9 Remove v14 CI triggers (#5610)
  • 12f8081 14.0.0-0
  • 5dd7ec1 Prepare 14.0.0
  • 67313a3 Add support for `extends` in `overrides` config (#5603)
  • b6fd2fc Document no need for postcss-html maintainer (#5602)
  • bf28025 Recommend using shared configs (#5598)
  • 07118d6 Update CHANGELOG.md
  • 367142a Change `ignoreFiles` to be extendable (#5596)
  • 1b4162f Fix conflicts in dependabot
  • 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (#5601)
  • 1f32094 Bump typescript from 4.4.3 to 4.4.4 (#5599)
  • 88b9575 Revise contributors section of README (#5585)
  • e38da70 Use problem rather than violation in docs and types (#5592)

See the full diff

Package name: stylelint-order The new version differs by 121 commits.
  • 46a1adf 5.0.0
  • cf60f75 Prepare 5.0.0
  • 5a2a9d4 Capitalize Stylelint name
  • b004e65 Merge pull request #150 from hudochenkov/stylelint-v14
  • 94c8847 Remove debugging commands
  • acd5c0f Use latest npm in all Node versions
  • 8337b7e Add debugging commands
  • 957a4ce Rebuild package-lock from scratch in attempt to fix CI
  • 9169c66 Use latest PostCSS
  • cec0a74 Use stylelint released version
  • 50f823f Remove `disableFix` option from rules
  • 6e7330a Compatibility with newer postcss-sorting
  • 4597116 Install PostCSS 8 and Stylelint v14
  • 12dbd81 Explicitly install custom syntaxes
  • 908f93f Upgrade dependencies
  • 2c2d40d Use tabs in package.json
  • 98c82b9 Update CI
  • aa85472 Remove lodash
  • 2a26ae3 Update ESLint config
  • 61ab714 Add note about declaration-empty-line-before (#134)
  • b2d454b Update dependencies
  • 35651ad Use lockfile v2
  • d1c8d91 Fix typo
  • 5d29236 Bump node-notifier from 8.0.0 to 8.0.1

See the full diff

Package name: stylelint-selector-bem-pattern The new version differs by 15 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

馃 Improper Input Validation

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rajis7474 @snyk-bot