[Snyk] Fix for 1 vulnerabilities

[hex22a]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 250 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (#1209)
• 7bfe85d chore(deps): update (#1208)
• b5c9379 feat: postcss@8 (#1204)
• 92fe103 docs: context is localIdentContext in README (#1202)
• e5a9272 chore(deps): update (#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (#1196)
• dd52931 feat: hide warning on no plugins (#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (#1180)
• ec58a7c feat: the `importLoaders` can be `string` (#1178)
• df490c7 test: sass-loader next (#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (#1176)
• 4ce556a docs: fix type (#1174)

See the full diff

Package name: postcss-font-magician

The new version differs by 22 commits.

• 9efffe8 [3.0.0] migrate to Postcss 8 API
• 3009368 Bump acorn from 7.1.0 to 7.1.1 (#84)
• 157bb72 Bump lodash from 4.17.15 to 4.17.19 (#90)
• 4b927c2 [2.3.1] add support of Material Icons font
• ed91ad9 [2.3.0] add support for subsets of the google fonts unicode ranges
• da72cda [2.2.2] update google fonts lists (#77)
• 6aa468a Clarified how to use 'foundaries' option
• 5765576 [2.2.1] update google fonts lists
• c8d9d5c [2.2.0] fix issue with parsing of array options
• b228d67 Fix parse array options #64 (#65)
• b82558f Update README.md
• 47ef6c1 Update README.md
• 6795d7a [2.1.2] Support for Node 4 is no longer supported
• 9bfc7ba [2.0.2] fix tests, remove gulp from dependencies, add precommit linting
• 7311f87 [2.0.1] fix tests, `hosted` issue
• 727c91e Update package.json
• 0520775 Update .travis.yml
• aea79fd 2.0.0
• 44b0887 Organize package.json
• be56b96 Update devDependencies
• d214908 Use PostCSS 6
• 6374918 Update Tests

See the full diff

Package name: postcss-import

The new version differs by 85 commits.

• 7cdbb2b 13.0.0
• a189892 Update dependency sugarss to v3 (#433)
• 64d57af Update dependency postcss-scss to v3 (#431)
• 4fb6746 Update dependency postcss-value-parser to v4 (#423)
• 19632bc Update dependency prettier to v2 (#419)
• c5679db Add support for postcss v8 (#432)
• d288ea3 BREAKING: Require Node 10 or later; update CI config (#429)
• 21ad9eb Configure Renovate (#411)
• 614fb64 Fix linting
• 3a7f728 Update prettier to version 1.19.1 (#408)
• 7680182 Update prettier to version 1.18.0 (#398)
• 25013d6 chore(package): update prettier to version 1.17.0 (#393)
• 87f4320 Update eslint-plugin-import to version 2.17.1 (#395)
• 56516e7 Actually fix sourcmap test
• 93b7af8 Fix sourcemap tests
• d68f50a Update ava to version 1.0.1 (#384)
• 00e2d03 Update LICENSE (#383)
• eb7ff85 Update prettier to version 1.15.0 (#382)
• 397cc44 12.0.1
• 67f4553 Set plugin property on dependency messages (#380)
• f98dd1a Update eslint-plugin-prettier to version 3.0.0 (#377)
• 85c7e6a Update sugarss to version 2.0.0 (#375)
• a9a7ab2 Loosen prettier dependency to use ~ instead of pinning versions
• 20dd08f Remove npmpub; doesn't work with npm 2FA --otp

See the full diff

Package name: postcss-loader

The new version differs by 156 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (#470)
• 77449e1 test: union (#469)
• 9b75888 feat: reuse AST from other loaders (#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (#467)
• 225b2e5 refactor: do not validate `postcss` options (#466)
• 3d32c35 fix: `default` export for plugins (#465)
• 38ebe08 refactor: `execute` option (#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (#460)
• 475278c chore: move `postcss` to `peerDependencies` (#459)
• 98441ff fix: respect the `map` option and source maps (#458)
• ba88040 refactor: do not pass meta from other loaders (#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
• d8d84f7 refactor: code (#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (#451)
• 60e4f12 docs: addDependency (#448)

See the full diff

Package name: precss

The new version differs by 14 commits.

• bafe9c3 3.0.0
• 559e84d 2.0.0
• a229fd8 package.json
• 867b221 Update plugin organization
• bd71070 Merge branch 'master' of github.com:jonathantneal/precss
• 6c51f13 PostCSS 6 - updated dependencies
• d25d0ac README.md - Use scss for code blocks
• cd3279d Merge pull request #85 from jboelen/patch-1
• 2935fae .travis.yml - Node 4
• c2520f6 Merge pull request #72 from pacosegovia/master
• eb4866f Merge pull request #79 from RobLoach/fix-tests
• 1ba6285 Update postcss-partial-import dependency
• b9f8293 Fix the tests
• 04635ea Update README.md

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• 060310c 14.0.0
• ff4a1ef Prepare CHANGELOG
• 8d2f6e1 Bump postcss (#5619)
• f552608 Merge pull request #5618 from stylelint/dependabot/npm_and_yarn/husky-7.0.4
• 7ed17ad Bump husky from 7.0.2 to 7.0.4
• 4d9f75e Merge pull request #5617 from stylelint/dependabot/npm_and_yarn/jest-27.3.1
• bc9dd0b Bump jest from 27.2.5 to 27.3.1
• 82e2507 Merge pull request #5604 from stylelint/v14
• 16d259f Update CHANGELOG.md
• 70b1149 Fix false positives for dynamic-range keywords in media-feature-name-no-unknown (#5613)
• 8dca498 Show more info in missing customSyntax warning (#5611)
• 2eee0a9 Remove v14 CI triggers (#5610)
• 12f8081 14.0.0-0
• 5dd7ec1 Prepare 14.0.0
• 67313a3 Add support for `extends` in `overrides` config (#5603)
• b6fd2fc Document no need for postcss-html maintainer (#5602)
• bf28025 Recommend using shared configs (#5598)
• 07118d6 Update CHANGELOG.md
• 367142a Change `ignoreFiles` to be extendable (#5596)
• 1b4162f Fix conflicts in dependabot
• 87c5fde Bump picocolors from 0.2.1 to 1.0.0 (#5601)
• 1f32094 Bump typescript from 4.4.3 to 4.4.4 (#5599)
• 88b9575 Revise contributors section of README (#5585)
• e38da70 Use problem rather than violation in docs and types (#5592)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation