[Snyk] Fix for 1 vulnerabilities

[erlendr]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 91 commits.

• d7317ca chore(release): css-loader v0.26.2
• 7732614 Merge pull request #428 from helloyou2012/master
• f8cdaca fix deprecation warning (loader-utils)
• 7c45e94 docs(readme): udpates for JSF maintainers
• 199897f Fix Maintainer section look (#409)
• 793390a Merge pull request #408 from d3viant0ne/d3viant0ne-TravisValidations
• 2fd0c78 ci(Travis): updates Travis validations
• e54549e Merge pull request #407 from christianvuerings/readme-minimize
• 4bd7130 README - fix default for minimize
• 9508990 Merge pull request #380 from michael-ciniawsky/readme
• 08e9d47 Add `files` to `package.json`. (#388)
• 5735e5d Implement feedback from other loader readme's
• 851a22b Bump source-map-list to 0.1.7 (#383)
• a38e254 Add license file
• 5b856b2 0.26.1
• 85a2156 docs(README): refactor for webpack v2
• 46ebca3 expose getLocalIdent (#357)
• 564f521 add issue templates
• 9df4467 Update README.md
• 9497d74 0.26.0
• 2cd0cf7 update deps
• 8cd1069 Make -loader suffix consistent in README.md (#375)
• 008e6fd Disable Autoprefixer in cssnano (#361)
• 22f6621 0.25.0

See the full diff

Package name: extract-text-webpack-plugin

The new version differs by 147 commits.

• 5268d14 chore(release): 2.0.0
• 518e54d Merge pull request #429 from helloyou2012/master
• 16e7601 fix deprecation warning (close #427)
• a078c82 Merge pull request #419 from webpack-contrib/d3viant0ne-JSFMaintainers
• facb563 docs(readme): updates for JSF maintainers
• b755a1f Merge pull request #414 from ShinyChang/patch-1
• 28dca8a Update README.md
• 261df23 Merge pull request #402 from webpack-contrib/remove-remove-and-do-dependency
• 6d42658 Merge pull request #400 from GeorgeTaveras1231/patch-1
• ad44d20 Merge pull request #411 from BorodinDemid/patch-1
• 78d0947 Merge pull request #413 from scottdj92/master
• 3d9f857 fix typo in readme
• 7097a1d make extracting Sass/LESS more clear
• 91befda Merge pull request #394 from pndewit/master
• c307def Merge pull request #395 from billgo/patch-1
• 61c5672 Update README.md
• 002c887 Merge pull request #409 from simon04/patch-1
• 52950f3 README: add install instructions for webpack 2
• a768464 inline removeAndDo dep to webpack internal lib
• 15dbccb Adhere to module schema in README
• ca96b7b Update README.md
• 9311650 docs - adds array type for options.use and options.fallback
• e831507 2.0.0-rc.3
• d279b25 Merge pull request #391 from bebraw/ignore-fix

See the full diff

Package name: file-loader

The new version differs by 28 commits.

• 5d8f73e chore(release): 0.10.1
• a8358a0 fix(getOptions): deprecation warn in loaderUtils (#129)
• b01526a Merge pull request #123 from simon04/master
• 32aada7 Remove license link
• 2d239df chore(release): 0.10.0
• ba2e876 ci(Travis): update to webpack standard build
• d82e8de docs(readme): update urls for contrib move
• eaeaa0e docs(readme): fix icon url
• 6fec719 chore(release): add standard version & documentation
• 3e5985a docs(readme): fix maintainers section look
• b5ea427 chore(readme): Update to webpack standard format
• 1462d4b chore(license): add js foundation LICENSE file
• 6833c70 feat(resources): specify custom public file name
• 0727efe chore(issues): add issue templates
• 9fdd47e Add -loader suffix to README to reflect new loader syntax webpack 2 requirement
• 162c8fa 0.9.0
• f21695e Merge pull request [Snyk] Security upgrade css-loader from 0.15.6 to 0.18.0 #41 from kossnocorp/patch-1
• 6dd8c0d Merge pull request [Snyk] Security upgrade less from 2.7.3 to 3.0.2 #47 from tedpennings/patch-2
• 6a0317e added missing piece from [Snyk] Security upgrade extract-text-webpack-plugin from 0.8.2 to 3.0.2 #42
• 5ae3077 Merge branch 'public-path' [Wiki] Removed Watch from configuration page webpack/docs#57
• dba9318 Merge pull request externals isn't working webpack/docs#58 from mrpoptart/patch-1
• 0241876 Merge pull request commonjs2 library with externals uses value instead of key for require webpack/docs#74 from elyobo/optional-emit
• 20c8fff Make emitting a file optional.
• 011fa30 Update README.md

See the full diff

Package name: less-loader

The new version differs by 45 commits.

• 6df6957 3.0.0
• 2ba03d0 Update CHANGELOG
• 9bace43 Add codecov to travis.yml
• 63a86f0 Merge pull request #153 from webpack-contrib/maintenance
• 144798f Use coding style from eslint-config-peerigon
• 1c089f1 Use eslint instead of jshint
• bc96bab Replace npmignore with files property in package.json
• 2878127 Refactor tests
• d37593f Add nyc for test coverage
• 189ac6a Move loader files into lib folder
• a6d09c6 Improve README
• 6727e2d Update package.json
• 8691c0d Add appveyor
• c9f6f94 Merge pull request #152 from webpack-contrib/update/webpack-2
• 79445fa Merge pull request #151 from webpack-contrib/update/readme
• 40aa340 Add error when a sync compiliation is detected
• df40f05 Update to webpack 2
• 2d78a36 Update README
• 72ba408 Merge pull request #147 from webpack-contrib/d3viant0ne-TravisUpdates
• 30b9e1e ci(Travis): add note about defualts upgrade for test suite
• 06fe7dd ci(Travis): drop before script install
• 2a3b2f9 fix(getOptions): deprecation warn in loaderUtils
• 5e07d05 ci(travis): contrib standard Travis build
• dd369b0 Merge pull request #134 from jakwuh/patch-1

See the full diff

Package name: style-loader

The new version differs by 41 commits.

• 11c54f2 chore(release): style-loader v0.13.2
• 13aa381 Merge pull request #174 from ryani33/fix-deprecated-warning
• da2bc5a fix deprecated warning
• 8ab1c5f Merge pull request #172 from joeshub/patch-1
• fc9ef25 Fixed link to local scope
• d99f992 Merge pull request #169 from simon04/master
• 79b2846 Remove license link
• cb3c0b6 Merge pull request #162 from d3viant0ne/d3viant0ne-UpdateDocsForFinal
• 700dd55 chore(readme): Update to webpack standard format
• 5a1a0f8 Merge pull request #160 from blainekasten/UpdateReadme
• e2e6956 Change Readme to use new Rule.use configuration
• 78de576 Add LICENSE file
• aed8706 Add issue templates
• 102c74b Merge pull request #151 from kennyjacob/patch-1
• 981814a Update README.md
• 6751466 Merge pull request #150 from kevinzwhuang/add-loader-suffix
• f683bd3 Add -loader suffix to reflect new loader syntax webpack 2 requirement
• 9dc45a6 Replace window with self for better web worker support
• 50af215 Merge pull request Duplicate vendor modules when relative path to local dependency is used.  webpack/docs#120 from crucialfelix/patch-1
• 4f319d2 add a one-line description of what the style-loader actually does
• bba5bdb 0.13.1
• 7df14ac Merge pull request working on code splitting in react native web app only one bundle is created instead of chunks webpack/docs#116 from zachlysobey/patch-1
• 556ff32 Fix typo in README
• cff991e Merge pull request following doc on hot module replacement does not work webpack/docs#97 from jonathanp/readme-fixes

See the full diff

Package name: stylus-loader

The new version differs by 107 commits.

• 2911f86 3.0.0
• dad0444 Add 3.0.0 to changelog
• 58c428d Merge branch 'fix-deprecation'
• 3398ff8 Drop webpack 1 and node < 4 support
• e759052 fix deprecated warning
• 68f76a1 2.5.1
• d30a974 Add 2.5.1 to changelog
• 374d697 Merge pull request #166 from betit/fix-options
• 34fcf2b Fix options mutation
• fdbdb60 2.5.0
• 858b2e7 Add 2.5.0 to changelog
• 595c3c3 Merge pull request #161 from JounQin/patch-1
• e1944a6 add support to define *paths* through options
• 9611dcf 2.4.0
• 98b7002 Add 2.4.0 to changelog
• 21f48e0 Merge pull request #154 from mzgoddard/webpack-2-options
• 4d30096 Bump webpack 2 version tested on travis
• 8d08bac Add a bit to the README about using `?config` with webpack 1
• a235bd8 Add some help for configuring the loader with webpack 2
• a57949a 2.3.1
• c8ed2a1 Add 2.3.1 to changelog
• f187299 Merge pull request #140 from stevewillard/patch-1
• 23d4adb Typo in README
• d699c25 2.3.0

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request #5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request #5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)