[Snyk] Fix for 1 vulnerabilities

[javakian]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 34 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (#1126)
• 791fff3 refactor: named export (#1125)
• 01e8c76 refactor: change function arguments of the `import` option (#1124)
• c153fe6 refactor: improve schema options (#1123)
• 58b4b98 test: unresolved (#1122)
• d2f6bd2 refactor: getLocalIdent function (#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (#1114)
• 908ecee refactor: `esModule` option is `true` by default (#1111)
• 7cca035 test: coverange (#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: gulp-sass

The new version differs by 5 commits.

• 5775044 Update CHANGELOG.md
• 978b8f6 Update to major version 5 (#802)
• 10eae93 Update changelog for 4.1.1
• 947b26c Upgrade lodash to fix a security issue (#776)
• 8d6ac29 Update changelog

See the full diff

Package name: jest

The new version differs by 250 commits.

• be16e47 v27.0.0
• 63102ec chore: update changelog for release
• 564694a docs(blog): Jest 27 blog post (#11131)
• b68d91b feat(pretty-print): add option `printBasicPrototype` (#11441)
• 2226742 chore: minor simplify format results error (#11432)
• 78eb25d chore: remove needless assign (#11433)
• 696c455 chore: update lockfile after publish
• e2eb9ae v27.0.0-next.11
• 3b253f8 Wait for closed resources to actually close before detecting open handles (#11429)
• 27bee72 fix: run GC before collecting open handles (#11278)
• 50451df feat: use fallback if prettier not found (#11400)
• 150dbd8 chore: update lockfile after publish
• 6f44529 v27.0.0-next.10
• cbcec7d Upgrade fsevents in jest-haste-map (#11428)
• 9633a26 feat: support reporters written in ESM (#11427)
• 59f42d8 fix: do not cache modules that throw during evaluation (#11263)
• 57e32e9 Detect open handles with done callbacks (#11382)
• a397607 Document and test dontThrow for custom inline snapshot matchers (#10995)
• 4fa3a0b feat: custom haste (#11107)
• 2047a36 chore: bump deps (#11419)
• a4358d6 chore: run prettier on changelog
• bdd6282 Move all default values into `jest-config` (#9924)
• db643a1 Link to Jest config (#11106)
• b16082c Fix locale issue #10014 (#11412)

See the full diff

Package name: node-sass

The new version differs by 57 commits.

• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11
• 8ab02da fix: Remove old compiler gyp settings
• 3d7b9d0 chore: Add Node 16 support
• 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
• 06f3ab4 Update TROUBLESHOOTING.md
• c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
• 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
• a2a3a78 chore: Bump dependabot limit
• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API

See the full diff

Package name: sass-loader

The new version differs by 61 commits.

• 3b51d47 chore(release): 8.0.1
• 6c59e37 fix: support webpack@5 (#794)
• 5611f73 docs: improved documentation after breaking changes in release version 8.0.0 (#780)
• 4834287 refactor: use startsWith (#792)
• 22c597b refactor: use Array.includes (#777)
• ed345fa chore(deps): switch to memfs (#791)
• 2e14b68 chore: removed the duplicated prettier config (#781)
• 9274387 chore(deps): update (#772)
• 6d11b7b docs: overhaul readme (#771)
• 185ba80 test: sass modules "@ use" (#770)
• aa9b53b chore(release): 8.0.0
• 45ad0be chore: next (#748)
• 194fea4 chore(release): 7.3.1
• 1175920 fix: minimum `node` version in `package.json` (#733)
• a3ac649 chore(release): 7.3.0
• 6f4ea37 feat: `webpackImporter` option (#732)
• 0330253 docs: standardize readme (#730)
• 997a255 fix: handle module import ending `/` as module (#728)
• 071fa88 test: alias on directory with `_index` file (#727)
• 6be93c8 test: import without quotes (#726)
• dc23895 refactor: code (#725)
• 97c93dd test: manual test (#724)
• b2af379 fix: use "compressed" output when mode is "production" (#723)
• 3545434 refactor: code

See the full diff

Package name: ts-loader

The new version differs by 19 commits.

• 268bc69 chore(deps): upgrade most production deps (#1237)
• e160564 Add a cache to file path mapping (#1228)
• 14fa3f8 Add documentation about performance profiling (#1230)
• 3cc78b8 Fix typo in README.md (#1229)
• 8f2a509 Add documentation for the useCaseSensitiveFileNames option (#1227)
• 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (#1217)
• 172ebeb Feature/typescript 4 1 (#1213)
• 0816fe9 Add peer dependencies for Yarn PnP (#1209)
• 4909d99 Fixed missing errors in watch mode in webpack5 (#1208)
• 3f73e98 Fix failed builds when using thread-loader (#1207)
• e90f8ad Fix memory leak when using multiple webpack instances (#1205)
• 95050eb Speeds up project reference build and doesnt store the result in memory (#1202)
• f99c7c4 doc: escape pipe in table (#1201)
• 0b4a86d Replace afterCompile to stop webpack 5 warning (#1200)
• 6d8d601 Fixed deprecation warnings on webpack@5. (#1195)
• cafc933 Fix installation link on README.md (#1192)
• f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (#1182)
• 0767bce add github action status badge (#1190)
• db5ea55 Feature/upgrade testpack to ts4 (#1189)

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (#1256)
• 7a5b33d feat(webpack-cli): added mode argument (#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (#1254)
• a7cba2f chore: project maintanance and typescript fix (#1247)
• 7748472 chore: ignore package-lock.json and remove its references (#1252)
• a014aa7 docs: fix supported arguments & commands link in README (#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (#1238)
• 6cc6a49 chore: post refactor CLI (#1237)
• 358651e chore: move cli under lerna package (#1225)
• 2dc495a fix(init): fix webpack config scaffold (#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (#1234)
• 35d1381 tests(generator): enable init generator test (#1233)
• 66cdcb6 chore(generator): remove transpiled tests (#1229)
• f29a170 fix(init): fix the invalid package name (#1228)
• 8c3a66d chore(cli): updated changelog of v3 (#1224)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)