[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: babel-loader

The new version differs by 41 commits.

• 1a76476 7.0.0
• 7307226 Point changelog to releases
• 174cb10 Merge branch '7.0'
• 2204871 Add prettier (#409)
• dbec80d Make sure .babelrc is a file, not a directory (#427)
• aa485e4 Use bash codecov (#440)
• 16522b6 yarn.lock
• 660922b Update ava to the latest version 🚀 (#434)
• 5d248b5 Update cross-env to the latest version 🚀 (#431)
• 74ff2e6 Updated documentation to match webpack v2 changes. (#438)
• ed8711d Add note about webpack versions
• a7342de 7.0.0-beta.1
• fb8c271 Merge branch 'fix-options' into 7.0
• 1ed7ff5 Merge branch 'master' into 7.0
• e20f6b6 Changelog for 6.4.1 (#424)
• 87e4e85 target node 4 in preset env (#423)
• 05a31c5 7.0.0-alpha.3
• ad77367 Ensure options are always an object (#413)
• e8aa302 Ensure options are always an object
• b9209e7 7.0.0-alpha.2
• 3f51915 Update yarn.lock
• c18b16a Fix merge conflict
• 906ab55 Merge branch 'master' into 7.0
• 70c8c4a Merge branch 'master' into 7.0

See the full diff

Package name: css-loader

The new version differs by 39 commits.

• d7317ca chore(release): css-loader v0.26.2
• 7732614 Merge pull request #428 from helloyou2012/master
• f8cdaca fix deprecation warning (loader-utils)
• 7c45e94 docs(readme): udpates for JSF maintainers
• 199897f Fix Maintainer section look (#409)
• 793390a Merge pull request #408 from d3viant0ne/d3viant0ne-TravisValidations
• 2fd0c78 ci(Travis): updates Travis validations
• e54549e Merge pull request #407 from christianvuerings/readme-minimize
• 4bd7130 README - fix default for minimize
• 9508990 Merge pull request #380 from michael-ciniawsky/readme
• 08e9d47 Add `files` to `package.json`. (#388)
• 5735e5d Implement feedback from other loader readme's
• 851a22b Bump source-map-list to 0.1.7 (#383)
• a38e254 Add license file
• 5b856b2 0.26.1
• 85a2156 docs(README): refactor for webpack v2
• 46ebca3 expose getLocalIdent (#357)
• 564f521 add issue templates
• 9df4467 Update README.md
• 9497d74 0.26.0
• 2cd0cf7 update deps
• 8cd1069 Make -loader suffix consistent in README.md (#375)
• 008e6fd Disable Autoprefixer in cssnano (#361)
• 22f6621 0.25.0

See the full diff

Package name: file-loader

The new version differs by 28 commits.

• 5d8f73e chore(release): 0.10.1
• a8358a0 fix(getOptions): deprecation warn in loaderUtils (Use apostrophe instead of backtick in "I've" getbem/getbem.github.io#129)
• b01526a Merge pull request Fix English mistakes. getbem/getbem.github.io#123 from simon04/master
• 32aada7 Remove license link
• 2d239df chore(release): 0.10.0
• ba2e876 ci(Travis): update to webpack standard build
• d82e8de docs(readme): update urls for contrib move
• eaeaa0e docs(readme): fix icon url
• 6fec719 chore(release): add standard version & documentation
• 3e5985a docs(readme): fix maintainers section look
• b5ea427 chore(readme): Update to webpack standard format
• 1462d4b chore(license): add js foundation LICENSE file
• 6833c70 feat(resources): specify custom public file name
• 0727efe chore(issues): add issue templates
• 9fdd47e Add -loader suffix to README to reflect new loader syntax webpack 2 requirement
• 162c8fa 0.9.0
• f21695e Merge pull request [Snyk] Fix for 1 vulnerabilities #41 from kossnocorp/patch-1
• 6dd8c0d Merge pull request [Snyk] Fix for 1 vulnerabilities #47 from tedpennings/patch-2
• 6a0317e added missing piece from [Snyk] Security upgrade xo from 0.12.1 to 0.26.0 #42
• 5ae3077 Merge branch 'public-path' [Snyk] Security upgrade hjs-webpack from 5.2.0 to 9.0.0 #57
• dba9318 Merge pull request [Snyk] Security upgrade xo from 0.12.1 to 0.20.0 #58 from mrpoptart/patch-1
• 0241876 Merge pull request if I wanna control all <li> inside a block,can i make the selector .block li{...}? getbem/getbem.github.io#74 from elyobo/optional-emit
• 20c8fff Make emitting a file optional.
• 011fa30 Update README.md

See the full diff

Package name: hjs-webpack

The new version differs by 143 commits.

• 53c3f76 Merge pull request #318 from selbekk/webpack-2
• e7e6e87 Inline isInstalled checks
• cd5f523 Remove some dead code
• 5bf8be3 Update documentation
• 68433b9 Update to v9.0.0
• 5671e3a Fix some linting errors
• 8788282 Change deprecated plugin
• f06bc14 Update examples
• 8ebcbc2 Update config syntax
• b3dc6bf Remove deprecated options
• 539c4a4 Remove OccurenceOrderPlugin
• 8736c6f Rename module.loaders to module.rules
• 6ccd2ca Update webpack dependency to ^2.2.1
• 6d2eb7a 8.4.3
• b3df47b changelog for 8.4.3
• d9e5dc9 Do not replace all environment variables in production. (Are there any special rules for pseudo-classes or pseudo-elements? getbem/getbem.github.io#296)
• b1e0662 8.4.2
• 6948f02 changelog for 8.4.2
• 26bbb26 Change how default name and version are specified for In BEM can I avoid reusing the same namespace inside a Block? getbem/getbem.github.io#255
• 2ece62a Revert "use a default package name and version so builds dont error without them; In BEM can I avoid reusing the same namespace inside a Block? getbem/getbem.github.io#255"
• 8fb2682 8.4.1
• e7b8af4 changelog for 8.4.1
• f006801 fix: install compression module; closes ToC on mdx pages getbem/getbem.github.io#291
• db83fbe 8.4.0

See the full diff

Package name: postcss-loader

The new version differs by 143 commits.

• 7b5bda5 Release 1.3.2 version
• d1f811e Update dependencies
• 519a8c0 fix deprecated warning (page naviagation getbem/getbem.github.io#178)
• aab8226 Release 1.3.1 version
• 148e1c0 Update dependencies
• d51afd9 Do not load config file from `--config` (Is block--modifier wrapping the block OK? getbem/getbem.github.io#174)
• dbb597e Update postcss-load-config v1.1.0...1.2.0
• 5a29e1b Release 1.3 version
• 1147cb8 Update dependencies
• 8c897ca don't force internal requires of options (fix typos and grammar getbem/getbem.github.io#171)
• db51682 Release 1.2.2 version
• 72a245c Update dependencies
• 0c8c07d Watch Config (postcss.config.js) (Which classes should I use for this? getbem/getbem.github.io#161)
• 526df91 Fix docs sections
• 64b370a Add webpack 2 docs
• adedf78 Better tests for custom syntaxes
• 37e25aa Update dependencies
• b66a294 Merge pull request JS manipulation over BEM CSS structure getbem/getbem.github.io#154 from komlev/master
• b73cfc8 Fixing grammar issues in README.md
• bf0d7ee Adding description of using postcss-js parser with babel 6 compiler
• 19011fb Release 1.2.1 version
• 11baf61 Update dependencies
• f0fb3f1 Allow absolute path as config option (dead link to FAQ (from  getbem/getbem.github.io#147)
• 3b6e991 Release 1.2 version

See the full diff

Package name: stylus-loader

The new version differs by 5 commits.

• 2911f86 3.0.0
• dad0444 Add 3.0.0 to changelog
• 58c428d Merge branch 'fix-deprecation'
• 3398ff8 Drop webpack 1 and node < 4 support
• e759052 fix deprecated warning

See the full diff

Package name: webpack

The new version differs by 250 commits.

• bf4ec9c 3.0.0
• 9feda63 Merge pull request #5028 from webpack/feature/externalize_uglify_plugin
• 49d6e38 Merge pull request #5086 from webpack/ci/node-8
• 3dcb133 OSX test on node.js 8
• f4b8785 Merge pull request #5012 from webpack/TheLarkInn-patch-1
• d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
• 3da4f3e Merge pull request #5085 from jbellenger/jbellenger/rawmodule-hash
• 8c9dc14 fix RawModule hashing
• c2c5d73 Update README.md
• 316d4b9 Merge pull request #5084 from timse/remove-duplicate-code
• ae18552 update test case with changed hash due to less clutter in dependencies
• fc20348 unite iteration through modules into one loop
• 083843e remove code that pushes arrays of dependencies into dependencies
• ab636b0 Merge pull request #5075 from andreipfeiffer/master
• 3b3449c Refactor: use const for non reassignable identifier
• 2ba0499 3.0.0-rc.2
• 1769fa2 Merge pull request #5064 from webpack/feature/scope-hoisting-multi-entry
• a73646a Merge pull request #5060 from mikesherov/reason-chunks-as-set
• 28f826a consistent order
• 8a30188 use Set for ModuleReason chunk rewriting
• 5d4ba56 Allow scope hoisting to process modules in multiple chunks
• d6a7594 harmony modules without exports have no exports instead of unknown
• 3ae782d Merge pull request #5049 from KTruong888/ES6_refactoring_multicompiler
• 18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)