[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 136 commits.

• 43179a8 chore(release): 1.0.0
• 3d53968 Merge remote-tracking branch 'origin/master'
• 240db53 version 1.0 (#742)
• 1b7acf7 Merge remote-tracking branch 'origin/master'
• 1703721 docs(README): add more context to `localIdentName` (#711)
• 1c51265 docs(README): fix malformed emoji (#701)
• 50f8ec0 Merge remote-tracking branch 'origin/master'
• 07444ad tests: css custom variables (#709)
• 3de8aa7 tests: css custom variables (#709)
• df497db chore(release): 0.28.11
• c788450 fix(lib/processCss): don't check `mode` for `url` handling (`options.modules`) (#698)
• c35d8bd chore(release): 0.28.10
• 9f876d2 fix(getLocalIdent): add `rootContext` support (`webpack >= v4.0.0`) (#681)
• 0452f26 test: hashes inside `@ font-face` url (#678)
• 630579d chore(release): 0.28.9
• 604bd4b chore(package): update dependencies
• d1d8221 fix: ignore invalid URLs (`url()`) (#663)
• 0fc46c7 chore(release): 0.28.8
• 333a2ce chore(package): update `dependencies`
• 39773aa ci(travis): use `npm`
• 8897d44 fix: proper URL escaping and wrapping (`url()`) (#627)
• 0dccfa9 fix(loader): correctly check if source map is `undefined` (#641)
• d999f4a docs: Update importLoaders documentation (#646)
• 05c36db test: removed redundant `modules` argument (#599)

See the full diff

Package name: postcss-loader

The new version differs by 250 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (#470)
• 77449e1 test: union (#469)
• 9b75888 feat: reuse AST from other loaders (#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (#467)
• 225b2e5 refactor: do not validate `postcss` options (#466)
• 3d32c35 fix: `default` export for plugins (#465)
• 38ebe08 refactor: `execute` option (#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (#460)
• 475278c chore: move `postcss` to `peerDependencies` (#459)
• 98441ff fix: respect the `map` option and source maps (#458)
• ba88040 refactor: do not pass meta from other loaders (#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
• d8d84f7 refactor: code (#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (#451)
• 60e4f12 docs: addDependency (#448)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Package name: xo

The new version differs by 250 commits.

• aa8508b 0.31.0
• 32d96c3 Upgrade dependencies
• 1240dd2 Enable `import/no-anonymous-default-export` and `import/no-named-default` (#472)
• 6a05691 Add support for scoped shareable configs (#480)
• ca21492 Add some eslint-plugin-node rules
• bdc13e2 Fix Travis
• c7d64de 0.30.0
• ca31f1c Upgrade dependencies
• 07e2762 Prevent extraneous newline from `--stdin --fix` (#460)
• a592d3d 0.29.1
• 4783f26 Add `tap-snapshots/*.cjs` to default ignore list (#461)
• 967927d Temporarily disable the `unicorn/string-content` rule (#462)
• 87e3615 0.29.0
• f59ec7b Update dependencies
• e05efc3 Upgrade to Prettier 2.0.4 (#458)
• f20f6d2 Allow `nodeVersion` in XO config to override `engines.node` (#457)
• ec87ef3 0.28.3
• c47a0c6 Support `semicolon` option with TypeScript (#446)
• a4625a7 Add TS extends after base XO extends and before user extends (#453)
• 5da0bbc 0.28.2
• 41b1bd7 Set `indent` rule for TS files too (#451)
• 28902f0 Fix compatibility with latest TypeScript-ESLint version (#452)
• 2e39794 0.28.1
• 6c57ff7 Add `xo-typescript` and `prettier/@ typescript-eslint` before user extends (#442)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic