[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • app/angular/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option ([Snyk] Security upgrade markdown-loader from 2.0.2 to 7.0.0 #265)
• 8c73761 feat: `preprocessor` option ([Snyk] Security upgrade markdown-loader from 2.0.2 to 7.0.0 #263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update ([Snyk] Fix for 1 vulnerabilities #260)
• 9835bde feat: supports `link:href` attribute for css ([Snyk] Security upgrade react-native from 0.51.1 to 0.64.0 #258)
• 7af2eff refactor: improve schema ([Snyk] Security upgrade graphiql from 0.11.11 to 0.14.0 #257)
• 98412f9 docs: `filter` sources ([Snyk] Security upgrade react-native from 0.51.1 to 0.64.0 #256)
• ff0f44c feat: implement the `filter` option for filtering some of sources ([Snyk] Security upgrade marked from 0.3.17 to 4.0.10 #255)
• 1c24662 refactor: move the `root` option under the `attributes` option ([Snyk] Security upgrade marked from 0.3.19 to 4.0.10 #254)
• 888b8fe docs: add footnote for `-attributes` ([Snyk] Security upgrade graphiql from 0.11.11 to 1.4.7 #252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags ([Snyk] Security upgrade @storybook/react from 3.3.15 to 3.4.0 #253)
• 9e5ce56 perf: improve source parse ([Snyk] Security upgrade gatsby from 1.9.232 to 2.1.1 #251)
• c9c8dad refactor: improve source parse ([Snyk] Security upgrade node-sass from 4.14.1 to 7.0.1 #250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources ([Snyk] Security upgrade react-dev-utils from 5.0.3 to 12.0.0 #247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters ([Snyk] Security upgrade node-sass from 4.14.1 to 7.0.0 #244)
• 24b0427 fix: parser tags and attributes according spec ([Snyk] Fix for 1 vulnerabilities #243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 74fae99 chore(release): 5.0.0
• 94a20df chore: update to webpack 5.20.0
• c5c8212 feat: add meta attribute for html tags
• d0ab774 feat: provide public path to the alterAssetTagGroups hook
• 5200ae6 feat: provide public path to the alterAssetTags hook
• ccbe93a chore: update examples to latest webpack version
• 33cbd59 fix: generate html files even if no webpack entry exists
• 826739f feat: allow to use the latest loader-utils and tapable version
• 81d7b2c feat: add typings for options and version
• 8d34b81 fix: use correct casing for webpack type import
• 36f9aca chore: upgrade dev dependencies
• 1755962 chore: fix css-loader for unit testing
• a79ab17 chore: drop support for appcache-webpack-plugin as it is not compatible to webpack 5
• 7c3146d feat: allow to set publicPath to empty string ’’
• b109213 docs: update installation instructions for webpack 4
• 833b46b fix: inject javascripts in the <head> tag for inject:true and scriptLoading:'defer'
• 13af0fb feat: add full support for public paths inside templates
• fd5fe58 refactor: move the publicPath generation into a seperate function
• 60a6ef8 test: add test for experiments: { outputModule: true }
• a43ab72 feat: overrule module output
• 10a0c5e fix: adjust tests as webpack 5 will no longer emit files for builds with errors
• 2975a6a feat: process html during the processAssets stage PROCESS_ASSETS_STAGE_OPTIMIZE_INLINE
• 0f9c239 fix: add support for publicPath: 'auto' in combination with type: 'asset/resource'
• ab8b195 fix: support loaders like raw-loader

See the full diff

Package name: markdown-loader

The new version differs by 56 commits.

• 9d20f85 chore(release): 8.0.0 [skip ci]
• 65e2368 Introduce semantic-release
• de0be90 Update README
• f2d9bf9 Setup GitHub actions workflow
• 96b75a2 Add comment about trampolin module
• 2a7e8c1 Add Prettier
• fc3e3cb Make webpack 5 a peer dependency
• 9c1292a Add ESLint
• 24da889 Add .nvmrc
• a3c0a78 Remove old files
• 03310fd Improve tests
• d208deb Refactor loader
• 2bd1d24 7.0.0
• 01a63ae Update marked@4.0.12
• 31e153c Merge pull request [Snyk] Security upgrade webpack from 3.12.0 to 4.29.0 #78 from Yash-Singh1/patch-1
• a8a32bd Don't return, export
• 447c5b7 6.0.0
• db637b9 5.2.0
• 745671c Merge pull request [Snyk] Fix for 1 vulnerable dependencies #63 from ethancrook99/master
• e9e5f26 Removed node 6 from travis.yml (not supported by some dependencies)
• 513f98b re-generated package-lock
• ea6635c Updated package-lock.json
• 6e2e0ad Updated dependency on html-loader to 1.3.0
• 8126005 Add LICENSE

See the full diff

Package name: sass-loader

The new version differs by 116 commits.

• 45bd865 chore(release): 9.0.0
• 0629915 refactor: code before release
• c11478d test: ambiguous imports (Storybook webapp preview area is blank storybookjs/storybook#855)
• 73009fd docs: yarn pnp + using `dart-sass` by default (Decorators may get applied multiple times storybookjs/storybook#854)
• d487683 feat: pass the loader context to custom importers under `this.webpackLoaderContext` property (Support modules storybookjs/storybook#853)
• b3ffd5b test: resolution logic (Write a contributor guide storybookjs/storybook#852)
• 3abe3f5 fix: resolution logic
• 20b7a11 docs: fix link for prependData (RelayQL: Unexpected invocation ... storybookjs/storybook#847)
• 006c02e refactor: code
• 2a18d5b ci: node@14 (Add a suite of tests to check with new versions of React Native storybookjs/storybook#842)
• 17832fd fix: resolution for `file` scheme
• 744112d fix: perf (Merge channel-postmsg into this repo storybookjs/storybook#840)
• aeb86f0 fix: resolution logic (Is there a way to get this working with Exponent? storybookjs/storybook#839)
• 7380b7b fix: resolution logic (Co-locate stories with components. storybookjs/storybook#838)
• 0c8d3b3 feat: support `process.cwd()` resolution (Reconnect websocket connection on close storybookjs/storybook#837)
• 8376179 feat: support SASS-PATH env variable (Storybook webapp preview area is blank storybookjs/storybook#836)
• ddeff88 test: refactor (Decorators may get applied multiple times storybookjs/storybook#835)
• 24c852a docs: options table (Support modules storybookjs/storybook#834)
• f892eba refactor: code (Write a contributor guide storybookjs/storybook#833)
• 68dd278 fix: avoid different content on different os (Write unit tests storybookjs/storybook#832)
• 1655baf fix: resolution logic (Can only use one device at a time storybookjs/storybook#831)
• fe3b33b fix: resolution logic (Add a link to edit docs. storybookjs/storybook#830)
• 41e0e45 test: foundation-sites (Mention authors with third party addons list storybookjs/storybook#829)
• a3dec34 chore: minimum supported Nodejs version is `10.13` (Implement SSR storybookjs/storybook#828)

See the full diff

Package name: ts-loader

The new version differs by 250 commits.

• 268bc69 chore(deps): upgrade most production deps (Fix display of large components storybookjs/storybook#1237)
• e160564 Add a cache to file path mapping (Installation Confusion RN-.44 storybookjs/storybook#1228)
• 14fa3f8 Add documentation about performance profiling (Change file name to add links storybookjs/storybook#1230)
• 3cc78b8 Fix typo in README.md (Wrong description on Decorators storybookjs/storybook#1229)
• 8f2a509 Add documentation for the useCaseSensitiveFileNames option (Not scrolling in full screen mode on iOS storybookjs/storybook#1227)
• 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (Added coursera demo to docs storybookjs/storybook#1217)
• 172ebeb Feature/typescript 4 1 (Add small design update to addon info package storybookjs/storybook#1213)
• 0816fe9 Add peer dependencies for Yarn PnP (API V2 storybookjs/storybook#1209)
• 4909d99 Fixed missing errors in watch mode in webpack5 (How to access getStoryBook in Node? (Storybook 3.0.1) storybookjs/storybook#1208)
• 3f73e98 Fix failed builds when using thread-loader (Fix bug in addons/graphql in reIndentQuery storybookjs/storybook#1207)
• e90f8ad Fix memory leak when using multiple webpack instances (Marksy initialized with mtrcConf intead of marksyConf storybookjs/storybook#1205)
• 95050eb Speeds up project reference build and doesnt store the result in memory (Added a vanilla React Native example app. storybookjs/storybook#1202)
• f99c7c4 doc: escape pipe in table (Revert moving index.[ios|android].js. storybookjs/storybook#1201)
• 0b4a86d Replace afterCompile to stop webpack 5 warning (Generated React Native files do not work with storybook in a vanilla app. storybookjs/storybook#1200)
• 6d8d601 Fixed deprecation warnings on webpack@5. (Fixed typo in getstorybook project type detection storybookjs/storybook#1195)
• cafc933 Fix installation link on README.md (Options addon must be configured *after* the preview has rendered in React Native storybookjs/storybook#1192)
• f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (An in-range update of eslint-plugin-import is breaking the build 🚨 storybookjs/storybook#1182)
• 0767bce add github action status badge (@storybook/addon-comments v3.0.0 falls with error storybookjs/storybook#1190)
• db5ea55 Feature/upgrade testpack to ts4 (Fixed typo in react-native browser instructions storybookjs/storybook#1189)
• 95b6fe8 Uses existing instance if config file is same as already built solution (Search on documentation storybookjs/storybook#1177)
• b38678a Update minimum compiler version to 3.6.3 (Replaced deprecated markdown-to-react-components with marksy storybookjs/storybook#1188)
• f8eba53 Add documentation and example code for projectReferences (Fix terminal colors by reset console colors explicitly storybookjs/storybook#1184)
• 46d9761 Update docs to show transpileOnly does not affect project references (Feature request: better covfefe storybookjs/storybook#1175)
• 0e64ceb Fix getOptionsHash when two options has different props but same values. (Fix addon panel layout styling storybookjs/storybook#1170)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request Core: Change react deps to normal deps storybookjs/storybook#11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request Addon-docs: Fix Vue defaultValue in props table storybookjs/storybook#11603 from MayaWolf/master
• 76e8cbd Merge pull request CLI: Generate docs:json command dynamically for Angular project storybookjs/storybook#11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request [Security] Bump codecov from 3.7.0 to 3.7.1 storybookjs/storybook#11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request All parameters are added and merged to all groups + roots in storiesHash storybookjs/storybook#11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request Addon-docs: Automatic source selection based on story type storybookjs/storybook#11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request CLI: Generate compodoc command based on user's setup storybookjs/storybook#11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request Webpack Hot Reload not working in react Storybook 6.0-rc.9 storybookjs/storybook#11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request Addon-controls: Expose presetColors for the color control storybookjs/storybook#11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request [Feature request] Ink Storybook storybookjs/storybook#11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution