[Snyk] Fix for 1 vulnerabilities

[lectriceye]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (#140)
• dbae68d Update dependent package count in the readme (#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (#129)
• 835ca3d You've just reached 10,000 dependent modules. (#122)
• 74c087d minor doc improvements (#120)

See the full diff

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• c4fffbc 8.0.0
• d51f4cf Build: changelog update for 8.0.0
• 7d3f7f0 Upgrade: unfrozen @ eslint/eslintrc (fixes #15036) (#15146)
• 2174a6f Fix: require-atomic-updates property assignment message (fixes #15076) (#15109)
• f885fe0 Docs: add note and example for extending the range of fix (refs #13706) (#13748)
• 3da1509 Docs: Add jsdoc `type` annotation to sample rule (#15085)
• 68a49a9 Docs: Update Rollup Integrations (#15142)
• d867f81 Docs: Remove a dot from curly link (#15128)
• 9f8b919 Sponsors: Sync README with website
• 4b08f29 Sponsors: Sync README with website
• ebc1ba1 Sponsors: Sync README with website
• 2d654f1 Docs: add example .eslintrc.json (#15087)
• 16034f0 Docs: fix fixable example (#15107)
• 07175b8 8.0.0-rc.0
• 71faa38 Build: changelog update for 8.0.0-rc.0
• 67c0074 Update: Suggest missing rule in flat config (fixes #14027) (#15074)
• cf34e5c Update: space-before-blocks ignore after switch colons (fixes #15082) (#15093)
• c9efb5f Fix: preserve formatting when rules are removed from disable directives (#15081)
• 14a4739 Update: `no-new-func` rule catching eval case of `MemberExpression` (#14860)
• 7f2346b Docs: Update release blog post template (#15094)
• fabdf8a Chore: Remove `target.all` from `Makefile.js` (#15088)
• e3cd141 Sponsors: Sync README with website
• 05d7140 Chore: document target global in Makefile.js (#15084)
• 0a1a850 Update: include `ruleId` in error logs (fixes #15037) (#15053)

See the full diff

Package name: pixrem

The new version differs by 9 commits.

• 80581f4 Bump major version to drop node 4 support
• e72db33 Merge pull request Bump url-parse from 1.4.4 to 1.5.7 kriasoft/react-app#65 from ai/dependencies
• acfa952 Update Node.js versions
• 6cdca78 Update dependencies
• 5ac0e16 Merge pull request Bump ini from 1.3.5 to 1.3.7 kriasoft/react-app#47 from sebdeckers/patch-1
• 465958b 4.0.1
• b759c20 4.0.0
• d317b0a Bump to PostCSS v6 & Browserslist v2 (fix Bump url-parse from 1.4.4 to 1.5.3 kriasoft/react-app#61 Bump follow-redirects from 1.6.1 to 1.14.7 kriasoft/react-app#62)
• 9ac0d6c Correct SPDX identifier

See the full diff

Package name: postcss-custom-media

The new version differs by 12 commits.

• b780656 7.0.0
• 926f1ef Use PostCSS 7
• 8336b81 Update README.md heading
• d472113 Fix badge
• e2c61ac Merge pull request Possible babel issues when migrating existing CRA kriasoft/react-app#30 from postcss/feature/cssdb-badge
• 8f03744 Add CSS Standard Status
• 8136745 Change link to specification
• c9192e5 6.0.0
• 20c908d Update dependencies
• 41c1a50 docs: explain better usage of extensions option (Update README.md kriasoft/react-app#23)
• ce2c592 Merge pull request Electron support kriasoft/react-app#22 from postcss/davidtheclark-patch-1
• 20213fc Fix broken link to spec draft

See the full diff

Package name: postcss-custom-properties

The new version differs by 39 commits.

• 6ef218d 8.0.0
• e0f68f9 Use postcss 7
• cd964ce Drop node@4 support
• 7775416 Use PostCSS 7
• a115c35 Update dependencies
• 4508964 Allow `warnings` option to be an object to configure each warning
• 4adb75c Fix appendVariables appending duplicate vars
• ccc045d Update README.md badges
• 4f7ad35 Update README.md cssdb badge
• 0bf934d change "preserve-computed" to "computed"
• 1b495ce Fix documentation code examples for preserve option
• f108950 Update README.md
• f17bf96 7.0.0
• bb69518 6.3.1
• 52526c3 6.3.0
• cdb1fb0 Update documentation
• c6f9140 No warnings by default
• 5d4620c Preserve by default
• c517378 Make options more explicit expectations
• 7cbf239 Support spec-valid whitespace
• a64158a Update dependencies
• 3f4e7fa Fix documentation for warning option
• 86637d1 Only transform var() functions
• 59ba7a6 Preserve declaration comments

See the full diff

Package name: postcss-custom-selectors

The new version differs by 13 commits.

• aadf18c 5.0.0
• 77742dd Use PostCSS 7
• 17d2d63 Merge pull request Bump js-yaml from 3.12.1 to 3.13.1 kriasoft/react-app#35 from postcss/feature/cssdb-badge
• bc926c5 Add CSS Standard Status
• cd71c8f 4.0.1
• e865603 Fix incorrect export
• dbfa0b3 4.0.0
• fb5c007 Update dependencies
• 3ce0cc2 Merge pull request Vulnerabilty in webpack-dev-server dependency of react-app-tools  kriasoft/react-app#32 from Semigradsky/fix-npm-test
• 62ca821 Fix travis config
• 70adb94 Fix `npm test` error
• 53bf235 Merge pull request issue with react-app kriasoft/react-app#28 from jonathanKingston/pseudo-class-test
• cf0f7dc Adding in test for multiple selectors with a pseudo class

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 14 commits.

• 60c8e5f chore(deps): upgrade `postcss` to `7` (Bump ssri from 6.0.1 to 6.0.2 kriasoft/react-app#51)
• 7974ef7 Update README.md (Bump ini from 1.3.5 to 1.3.7 kriasoft/react-app#47)
• d9d3955 Revert "Revert Autoremoval of 0% Basis" (Bump http-proxy from 1.17.0 to 1.18.1 kriasoft/react-app#46)
• bae98c0 Push changelog
• fe6215e Revert Autoremoval of 0% Basis (Bump websocket-extensions from 0.1.3 to 0.1.4 kriasoft/react-app#43)
• f04c45f 3.2.0 release
• 527c51c Set flex basis if second value is not a number (Bump handlebars from 4.1.0 to 4.5.3 kriasoft/react-app#41)
• bb142b2 bump version
• c825631 Update CHANGELOG.md
• f386599 Update CHANGELOG.md
• bd68bc1 Fix empty flex-basis on safari and chrome (Bump handlebars from 4.1.0 to 4.5.1 kriasoft/react-app#40)
• c6a2b10 adding yarn + changelog
• c010abf Merge pull request Bump js-yaml from 3.12.1 to 3.13.1 kriasoft/react-app#35 from evilebottnawi/postcss-v6
• 715b67e Chore: [breaking changes] minimum required `postcss` version is now `^6.0.1`.

See the full diff

Package name: postcss-import

The new version differs by 74 commits.

• aae7db3 12.0.0
• d9bc09f Update eslint-config-i-am-meticulous to version 11.0.0 (#371)
• 3868ce2 Update postcss-scss to version 2.0.0 (#370)
• 1c40a5f Update prettier to version 1.14.0 (#373)
• 8c8c7ec Update eslint to version 5.0.0 (#364)
• 92e38d7 Drop Node 4 from AppVeyor
• 9cd2953 Use PostCSS 7 & drop support for Node.js 4 (#372)
• 84d35e2 Update prettier to version 1.13.5 (#363)
• 7127b77 Update eslint-config-i-am-meticulous to version 10.0.0 (#362)
• fcc31b1 Update npmpub to version 4.0.0 (#360)
• c62200b Update eslint-config-i-am-meticulous to version 9.0.0 (#361)
• 3d9dc49 Update prettier to version 1.13.0 (#357)
• f72bdc2 Update prettier to version 1.12.1 (#353)
• 64ffaa2 Update prettier to version 1.12.0 (#352)
• af2747d Update prettier to version 1.11.0 (#346)
• a941757 11.1.0
• 5a99783 Add Filter Parameter (#327)
• 7c863ea Update eslint-config-i-am-meticulous to version 8.0.0 (#344)
• 78c0832 Update ava to version 0.25.0 (#343)
• 2949578 Silence postcss warnings in tests
• d5e0f10 Update .gitignore
• 7ab52b7 Add tests for importing sub-files/directories from npm packages (#337)
• df611c2 Update eslint to version 4.16.0 (#336)
• b53e7f5 Update prettier to version 1.10.2 (#333)

See the full diff

Package name: postcss-loader

The new version differs by 205 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (#375)
• 114db12 docs(README): add autoprefixing example (#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (#379)

See the full diff

Package name: postcss-media-minmax

The new version differs by 10 commits.

• f25abff 4.0.0
• 8a254c6 Update PostCSS
• 9109000 Upgrade to PostCSS 7
• ce59e54 Merge pull request Configure Renovate - autoclosed #20 from postcss/feature/cssdb-badge
• 42ad9ec Add CSS Standard Status
• 00291bb chore: add npmpub for release
• 26cc94d Merge pull request [Snyk] Fix for 1 vulnerabilities #18 from jonathantneal/feature/postcss6
• 97e0861 3.0.0
• 470737f Update comment test
• 712582a Use PostCSS 6

See the full diff

Package name: postcss-nesting

The new version differs by 31 commits.

• 87c6d34 7.0.0
• 84fe507 Upgrade PostCSS to 7.0.2
• d4691eb 6.0.0
• 34a3aae Fix cssdb badge and link
• 78f9cd1 5.0.0
• f51dda6 4.2.1
• c857ccf Move transform into its own function
• 8f7122e Update dev dependencies
• 524d34e 4.2.0
• 8c13c72 Normalize CHANGELOG
• 8de8fc8 Reduce the splitting of rules
• 5e2fc78 Update devDependencies
• bfb37c3 Update README
• d868e49 Add CSS Standard Status
• 27c3311 Update gitignore
• 7afb45a Update dependencies
• 4d16c84 4.1.0
• 9dab9a6 Use spaces in Markdown files
• 7eacf48 Use mutation-safe walk method (Bump handlebars from 4.1.0 to 4.7.6 kriasoft/react-app#45)
• 6a09374 fix: a case in which test rule will compose another valid CSS qualified name (Bump elliptic from 6.4.1 to 6.5.3 kriasoft/react-app#44)
• 410cfc7 4.0.1
• b638e5a Improve selector validity testing
• 4b783f9 Update .travis.yml
• c1cd77f 4.0.0

See the full diff

Package name: postcss-selector-matches

The new version differs by 8 commits.

• adc8f08 4.0.0
• 76589c1 Upgrade postcss to v7
• c9df668 Merge pull request [Snyk] Security upgrade webpack from 1.15.0 to 4.0.0 #15 from postcss/feature/cssdb-badge
• 016dc99 Add CSS Standard Status
• d3370bc 3.0.1
• e9ecf08 Fix incorrect export
• b701fa6 3.0.0
• 0206644 Update dependencies

See the full diff

Package name: postcss-selector-not

The new version differs by 15 commits.

• 12ed317 4.0.0
• a980515 Ensure escaped colons do not break selector transformations
• 0508237 Upgrade postcss version
• 77c5e7f Update README.md - cssdb stage
• 2a4964b Merge pull request [Snyk] Security upgrade markdown-it from 7.0.1 to 12.3.2 #12 from Nemo64/patch-1
• 52d9119 fixed [Snyk] Upgrade file-loader from 0.9.0 to 0.11.2 #4
• 618e446 Merge pull request [Snyk] Fix for 1 vulnerabilities #9 from postcss/feature/cssdb-badge
• d45e8c9 Add CSS Standard Status
• a85a52f 3.0.1
• 83f3c8e Fix incorrect export ([Snyk] Fix for 1 vulnerabilities #8)
• efa6b4d 3.0.0
• 075aa5c Merge pull request [Snyk] Security upgrade css-loader from 0.28.11 to 2.0.0 #7 from Semigradsky/master
• c260886 Update dependencies
• c154f29 Merge pull request [Snyk] Upgrade style-loader from 0.13.2 to 0.23.1 #2 from timaschew/patch-1
• 94858d5 typo fix

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• cf2f45f 13.7.0
• 797cc84 Prepare 13.7.0
• fb4287c Prepare changelog
• d725b88 Update dependencies
• 9401f56 Update CHANGELOG.md
• 2b7e8ad Deprecate *-blacklist/*-requirelist/*-whitelist (#4892)
• 181f3d9 Fix some path / glob problems (#4867)
• 3cfc658 Update CHANGELOG.md
• 0a17b64 Add a reportDescriptionlessDisables flag (#4907)
• 5446be2 Fix CHANGELOG.md format via Prettier (#4910)
• 260e743 Fix callbacks in tests (#4903)
• d0a150e Update CHANGELOG.md
• 2c4d77f Fix false positives for trailing combinator in selector-combinator-space-after (#4878)
• e2da124 Add coc-stylelint (#4901)
• fd1875d Update CHANGELOG.md
• e124033 Add support for *.cjs config files (#4905)
• 858dcd5 Add a reportDisables secondary option (#4897)
• 40e60ce Support multi-line disable descriptions (#4895)
• 03f494d faster levenshtein (#4874)
• a5b8277 Update CHANGELOG.md
• 9e1edfa Fix TypeError for custom properties fallback in length-zero-no-unit (#4860)
• 1e52251 Update CHANGELOG.md
• 53f5c18 Add autofix to *-no-vendor rules (#4859)
• 23c0e81 Bump @ stylelint/postcss-css-in-js from 0.37.1 to 0.37.2 (#4888)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.