[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 250 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (#1126)
• 791fff3 refactor: named export (#1125)
• 01e8c76 refactor: change function arguments of the `import` option (#1124)
• c153fe6 refactor: improve schema options (#1123)
• 58b4b98 test: unresolved (#1122)
• d2f6bd2 refactor: getLocalIdent function (#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (#1114)
• 908ecee refactor: `esModule` option is `true` by default (#1111)
• 7cca035 test: coverange (#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: postcss-loader

The new version differs by 250 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (Refactor the distribution summary component getguesstimate/guesstimate-app#470)
• 77449e1 test: union (Points should get statistics too, for rendering. getguesstimate/guesstimate-app#469)
• 9b75888 feat: reuse AST from other loaders (Save the guesstimate type with the guesstimate editor. getguesstimate/guesstimate-app#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (Storing sorted samples and eliminating as many copies of samples as possible. getguesstimate/guesstimate-app#467)
• 225b2e5 refactor: do not validate `postcss` options (Metrics should update only when necessary. getguesstimate/guesstimate-app#466)
• 3d32c35 fix: `default` export for plugins (Metric modals should only render when they are open, not otherwise. getguesstimate/guesstimate-app#465)
• 38ebe08 refactor: `execute` option (06/03 Release: Minor editor enhancements and a bugfix for simulating after adding custom data. getguesstimate/guesstimate-app#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (v0.5.1: Organizational Member Edit Pages getguesstimate/guesstimate-app#460)
• 475278c chore: move `postcss` to `peerDependencies` (Several misc. organization members portal fixes. getguesstimate/guesstimate-app#459)
• 98441ff fix: respect the `map` option and source maps (Several organization pagefixes. getguesstimate/guesstimate-app#458)
• ba88040 refactor: do not pass meta from other loaders (Get memberships and invitations from organization response, not separately. getguesstimate/guesstimate-app#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (Removing an unused import. getguesstimate/guesstimate-app#454)
• d8d84f7 refactor: code (v0.5.0: Undo/Redo, New Space Header, Viewing/Editing modes getguesstimate/guesstimate-app#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (Only perform blur when text input has focus getguesstimate/guesstimate-app#451)
• 60e4f12 docs: addDependency (Only show the progress message in edits allowed mode getguesstimate/guesstimate-app#448)

See the full diff

Package name: url-loader

The new version differs by 69 commits.

• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on `mime-types` package (Making lognormal auto-select by default when bounds are positive getguesstimate/guesstimate-app#209)
• f13757a chore(deps): update (Positive inputs should default to lognormal getguesstimate/guesstimate-app#208)
• a2f127d fix: description on the `esModule` option (Issue 201 no intermediate page on new model creation. getguesstimate/guesstimate-app#204)
• 4301f87 chore(release): 3.0.0
• 3f0bbc5 refactor: next (Make a 'Venture Capital Investments' model template getguesstimate/guesstimate-app#198)
• 2451157 chore(release): 2.3.0
• 0ee2b99 feat: new `esModules` option to output ES modules
• cbd1950 chore(release): 2.2.0
• 196110e fix: yarn pnp support (Track clicks on 'Account' button that opens the modal. getguesstimate/guesstimate-app#195)
• 9431124 docs: improve documentation about `fallback` (Segment misaligning user emails and IDs getguesstimate/guesstimate-app#194)
• a251a23 chore(deps): update (Segment tracking for purhcase success and failure. getguesstimate/guesstimate-app#193)
• 2bffcfd fix: limit must allow infinity and max value (Make a 'Personal Expenses' model. getguesstimate/guesstimate-app#192)
• 1b9dbd1 chore(release): 2.1.0
• f3d4dd2 feat: improved validation error messages (Copying models needs documentation. getguesstimate/guesstimate-app#187)
• 37c6acc chore(release): 2.0.1
• 4842f93 fix: allow using limit as string when you use loader with query string (Allowing models to be copied. Closes 115 getguesstimate/guesstimate-app#185)
• c0341da chore(defaults): update (Sampling is inaccurate especially for log-normal distributions getguesstimate/guesstimate-app#184)
• 78833ac chore(release): 2.0.0
• 4386b3e chore(deps): update (Fix concat bug 11 getguesstimate/guesstimate-app#182)
• 60d2cb3 feat: limit option can be boolean (All text/input combos marked as impure getguesstimate/guesstimate-app#181)
• d82e453 fix: `limit` should always be a number and 0 value handles as number (Uncaught SyntaxError: Duplicate data property in object literal not allowed in strict mode getguesstimate/guesstimate-app#180)
• 3c24545 fix: fallback loader will be used than limit is equal or greater (Paid Models getguesstimate/guesstimate-app#179)
• a6705cc test: test svg scenario. Ensure karma tests end for Codeship, closes #175 getguesstimate/guesstimate-app#176 (Fix Broken Tests getguesstimate/guesstimate-app#177)

See the full diff

Package name: worker-loader

The new version differs by 96 commits.

• bc99955 chore(release): 3.0.0
• 6aa1eb0 docs: improve (Improving regex and filtering out empty strings after the split to st… getguesstimate/guesstimate-app#275)
• 011e4ca refactor: code (Changed recursive search algorithms to iterative and exit early upon self encounters to prevent infinite loops. getguesstimate/guesstimate-app#274)
• f72b252 refactor: use ES modules syntax for inline mode (Cuts off low density tails of the histogram. Closes 219. getguesstimate/guesstimate-app#273)
• 76c63fa refactor: code
• 9079570 fix: unstable `contenthash`
• 4f9b240 fix: cache identifier for webpack@4 (Making space authors show up on the organizations page. getguesstimate/guesstimate-app#270)
• 5047abb fix: source maps when `inline` using without fallback (Giving all dropdown list elements in the profile dropdown unique keys. getguesstimate/guesstimate-app#269)
• f93804e test: refactor (Making name not required in metric card as metrics are often unnamed … getguesstimate/guesstimate-app#268)
• f047ad0 refactor: `inline` option (Client warns that metric name is a required prop type and is unset. getguesstimate/guesstimate-app#267)
• bb77346 fix: respect `publicPath` from `output.publicPath` (The new model creation dropdown should close on click and have valid keys. Closes 260 getguesstimate/guesstimate-app#265)
• 1e761ed fix: respect `externals` (Accounts factory is invalid due to duplicate auth0_id getguesstimate/guesstimate-app#264)
• c117a7c feat: default value of `filename` from `output.filename` (Adds Organizations dropdown menu for navigation to organization page. Closes 258. getguesstimate/guesstimate-app#263)
• 905ed7b feat: the `chunkFilename` option
• 8d7cae0 refactor: rename the `name` option (Need basic documentation of organization beta features. getguesstimate/guesstimate-app#261)
• e0d9887 fix: compatibility with webpack@5 (Spaces on organization page should show author. getguesstimate/guesstimate-app#259)
• a8ce4ad feat: switch on es module syntax ('domain_name' method doesn't work for .net & .org accounts. getguesstimate/guesstimate-app#257)
• 152634c fix: support WASM
• 2b9e2fd feat: `worker` option (Segment on server for user identification. getguesstimate/guesstimate-app#255)
• 800b074 refactor: test
• f729e34 fix: memory leak for inline workers (Error on /users/:id pages where :id != current_user.id getguesstimate/guesstimate-app#252)
• f03498d feat: add the `workerType` option (replaces Remove Gitter button getguesstimate/guesstimate-app#178) (239 organization client interaction new space getguesstimate/guesstimate-app#247)
• 0efd0e4 test: add test with puppeteer (Look into possible extra fetching that can be avoided via embedded records. getguesstimate/guesstimate-app#246)
• 22d48e4 docs: improve

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution