[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (#140)
• dbae68d Update dependent package count in the readme (#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (#129)
• 835ca3d You've just reached 10,000 dependent modules. (#122)
• 74c087d minor doc improvements (#120)

See the full diff

Package name: css-loader

The new version differs by 9 commits.

• 43179a8 chore(release): 1.0.0
• 3d53968 Merge remote-tracking branch 'origin/master'
• 240db53 version 1.0 (#742)
• 1b7acf7 Merge remote-tracking branch 'origin/master'
• 1703721 docs(README): add more context to `localIdentName` (#711)
• 1c51265 docs(README): fix malformed emoji (#701)
• 50f8ec0 Merge remote-tracking branch 'origin/master'
• 07444ad tests: css custom variables (#709)
• 3de8aa7 tests: css custom variables (#709)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• b7d79b1 7.3.0
• bf98627 Build: changelog update for 7.3.0
• 638a6d6 Update: add missing `additionalProperties: false` to some rules' schema (#13198)
• 949a5cd Update: fix operator-linebreak overrides schema (#13199)
• 9e1414e New: Add no-promise-executor-return rule (fixes #12640) (#12648)
• 09cc0a2 Update: max-lines reporting loc improvement (refs #12334) (#13318)
• ee2fc2e Update: object-property-newline end location (refs #12334) (#13399)
• d98152a Update: added empty error array check for false negative (#13200)
• 7fb45cf Fix: clone config before validating (fixes #12592) (#13034)
• aed46f6 Sponsors: Sync README with website
• 7686d7f Update: semi-spacing should check do-while statements (#13358)
• cbd0d00 Update: disallow multiple options in comma-dangle schema (fixes #13165) (#13166)
• b550330 New: Add no-unreachable-loop rule (fixes #12381) (#12660)
• 13999d2 Update: curly should check consequent `if` statements (#12947)
• c42e548 Chore: enable exceptRange option in the yoda rule (#12857)
• 6cfbd03 Update: Drop @ typescript-eslint/eslint-recommended from `eslint --init` (#13340)
• 796f269 Chore: update eslint-config-eslint's required node version (#13379)
• 9d0186e Docs: Fix changelog versions (#13410)
• 1ee3c42 Docs: On maxEOF with eol-last (fixes #12742) (#13374)
• 2a21049 Update: key-spacing loc changes for extra space (refs #12334) (#13362)
• 7ce7988 Chore: Replace the inquirer dependency with enquirer (#13254)
• 0f1f5ed Docs: Add security policy link to README (#13403)
• 9e9ba89 Sponsors: Sync README with website
• ca59fb9 Sponsors: Sync README with website

See the full diff

Package name: postcss-calc

The new version differs by 80 commits.

• cefd2c3 8.0.0
• 44847c3 Update dependencies
• 6826ba5 update: use PostCSS 8 API. (#125)
• f16d55c chore(release): 7.0.5
• 5621761 fix: reduction(#121)
• 111a48d 7.0.4
• 9807c5e Correctly handle summands that cancel out and pull out common factors
• 7a3bc58 chore(release): 7.0.3
• 0282bdc fix: substracted css-variable from zero (#111)
• 295b1df Bump acorn from 6.1.1 to 6.4.1 (#105)
• bcae630 7.0.2
• 5fcc943 Update dependencies (#102)
• 6260789 fix: incorrect reduction of subtraction from zero (#88) (#93)
• 29ff26e refactor: reducer
• 0f01794 refactor: reducer
• d71d9cf fix: doesn't remove calc for single function
• b5e20dc refactor: parser (#86)
• b91c6e9 feat: relax parser on unknown units (#85)
• 69a3ca0 refactor: convert unit utils (#84)
• 1cd2c5f fix: handle numbers with exponen composed (#83)
• c4db282 test: comments (#82)
• 112178b ci: add node@10 (#81)
• 5e55420 test: newline (#80)
• 016a444 fix: handle plus sign before value (#79)

See the full diff

Package name: postcss-custom-media

The new version differs by 25 commits.

• 24234a2 8.0.0
• d861c70 Merge pull request Bump tar from 4.4.8 to 4.4.15 kriasoft/react-app#57 from postcss/postcss-8
• 31bd6a6 Support PostCSS 8
• ca22cf6 7.0.8
• 5db224c 7.0.7
• f095211 7.0.6
• 70ee277 Update README.md
• 0929148 7.0.5
• 1d9d913 Polish readme
• 75c2768 7.0.4
• 39a25e0 7.0.3
• 407c33c 7.0.2
• b59e59a 7.0.1
• b780656 7.0.0
• 926f1ef Use PostCSS 7
• 8336b81 Update README.md heading
• d472113 Fix badge
• e2c61ac Merge pull request Possible babel issues when migrating existing CRA kriasoft/react-app#30 from postcss/feature/cssdb-badge
• 8f03744 Add CSS Standard Status
• 8136745 Change link to specification
• c9192e5 6.0.0
• 20c908d Update dependencies
• 41c1a50 docs: explain better usage of extensions option (Update README.md kriasoft/react-app#23)
• ce2c592 Merge pull request Electron support kriasoft/react-app#22 from postcss/davidtheclark-patch-1

See the full diff

Package name: postcss-custom-properties

The new version differs by 74 commits.

• 421253e 11.0.0
• 276957a Support PostCSS 8 (#229)
• 8445f78 10.0.0
• 32a21b8 Fix build
• b686923 feat: upgrade postcss-values-parser to version without high risk vulnererability (#228)
• 3d7288c 9.2.0
• ef36467 Fix 'basic:export-scss' test
• 27efa3e Fix/multipart values (#222)
• 4dbb3fc Export to SCSS file (#212)
• 6c7addc support for ".pcss" file resolution in importFrom option (#211)
• 817c42a Added a note on readme (#214)
• a250907 fix multiple var on a single property (#210)
• b898eb2 Update README.md (#206)
• 24c108b Allow combined selectors (#199)
• d2d1d59 9.1.1
• 44dfb33 Preserve spaces in multi-part values.
• 1e1ef6b 9.1.0
• 3e72084 9.0.2
• 6680f67 9.0.1
• 2d309a8 9.0.0
• 837da49 8.0.11
• ffad7a9 Fix grunt example
• 0e5a66d upgrade to postcss-values-parser@3
• 654d59d 8.0.10

See the full diff

Package name: postcss-custom-selectors

The new version differs by 22 commits.

• 9862be0 6.0.0
• a816049 Update dependencies
• 174c44c Merge pull request Bump http-proxy from 1.17.0 to 1.18.1 kriasoft/react-app#46 from DanielSwensson/fix/support-postcss-8
• 656e5b4 Migrate postcss@8
• cfb004c Update index.js
• babc7aa Fix bug importing from multiple sources
• 4a422f0 5.1.2
• 83292da 5.1.1
• 6380b00 5.1.0
• aadf18c 5.0.0
• 77742dd Use PostCSS 7
• 17d2d63 Merge pull request Bump js-yaml from 3.12.1 to 3.13.1 kriasoft/react-app#35 from postcss/feature/cssdb-badge
• bc926c5 Add CSS Standard Status
• cd71c8f 4.0.1
• e865603 Fix incorrect export
• dbfa0b3 4.0.0
• fb5c007 Update dependencies
• 3ce0cc2 Merge pull request Vulnerabilty in webpack-dev-server dependency of react-app-tools  kriasoft/react-app#32 from Semigradsky/fix-npm-test
• 62ca821 Fix travis config
• 70adb94 Fix `npm test` error
• 53bf235 Merge pull request issue with react-app kriasoft/react-app#28 from jonathanKingston/pseudo-class-test
• cf0f7dc Adding in test for multiple selectors with a pseudo class

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 26 commits.

• ff3e5a2 Port to PostCSS 8 API. (Bump css-what from 2.1.2 to 2.1.3 kriasoft/react-app#71)
• 5eb09c7 fix calc regex (Bump eventsource from 1.0.7 to 1.1.1 kriasoft/react-app#69)
• 85f7d29 remove indent rules
• 8a0cc84 Release 4.2.0
• f4886dc upgrade packages + prettier
• 04e66ac fix: don't mess with values that reference custom props (Bump follow-redirects from 1.6.1 to 1.14.8 kriasoft/react-app#64)
• c51f4e7 Bump mixin-deep from 1.3.1 to 1.3.2 (Bump tmpl from 1.0.4 to 1.0.5 kriasoft/react-app#60)
• fa13fa0 Bump js-yaml from 3.12.0 to 3.13.1 (Bump url-parse from 1.4.4 to 1.5.3 kriasoft/react-app#61)
• 629e11d Bump extend from 3.0.1 to 3.0.2 (Bump follow-redirects from 1.6.1 to 1.14.7 kriasoft/react-app#62)
• 95327e0 4.1.0
• 45d8db1 Add option to disable bug fixes (Bump url-parse from 1.4.4 to 1.5.1 kriasoft/react-app#53)
• b5704e9 Add changelog entry
• 60c8e5f chore(deps): upgrade `postcss` to `7` (Bump ssri from 6.0.1 to 6.0.2 kriasoft/react-app#51)
• 7974ef7 Update README.md (Bump ini from 1.3.5 to 1.3.7 kriasoft/react-app#47)
• d9d3955 Revert "Revert Autoremoval of 0% Basis" (Bump http-proxy from 1.17.0 to 1.18.1 kriasoft/react-app#46)
• bae98c0 Push changelog
• fe6215e Revert Autoremoval of 0% Basis (Bump websocket-extensions from 0.1.3 to 0.1.4 kriasoft/react-app#43)
• f04c45f 3.2.0 release
• 527c51c Set flex basis if second value is not a number (Bump handlebars from 4.1.0 to 4.5.3 kriasoft/react-app#41)
• bb142b2 bump version
• c825631 Update CHANGELOG.md
• f386599 Update CHANGELOG.md
• bd68bc1 Fix empty flex-basis on safari and chrome (Bump handlebars from 4.1.0 to 4.5.1 kriasoft/react-app#40)
• c6a2b10 adding yarn + changelog

See the full diff

Package name: postcss-import

The new version differs by 98 commits.

• 7cdbb2b 13.0.0
• a189892 Update dependency sugarss to v3 (#433)
• 64d57af Update dependency postcss-scss to v3 (#431)
• 4fb6746 Update dependency postcss-value-parser to v4 (#423)
• 19632bc Update dependency prettier to v2 (#419)
• c5679db Add support for postcss v8 (#432)
• d288ea3 BREAKING: Require Node 10 or later; update CI config (#429)
• 21ad9eb Configure Renovate (#411)
• 614fb64 Fix linting
• 3a7f728 Update prettier to version 1.19.1 (#408)
• 7680182 Update prettier to version 1.18.0 (#398)
• 25013d6 chore(package): update prettier to version 1.17.0 (#393)
• 87f4320 Update eslint-plugin-import to version 2.17.1 (#395)
• 56516e7 Actually fix sourcmap test
• 93b7af8 Fix sourcemap tests
• d68f50a Update ava to version 1.0.1 (#384)
• 00e2d03 Update LICENSE (#383)
• eb7ff85 Update prettier to version 1.15.0 (#382)
• 397cc44 12.0.1
• 67f4553 Set plugin property on dependency messages (#380)
• f98dd1a Update eslint-plugin-prettier to version 3.0.0 (#377)
• 85c7e6a Update sugarss to version 2.0.0 (#375)
• a9a7ab2 Loosen prettier dependency to use ~ instead of pinning versions
• 20dd08f Remove npmpub; doesn't work with npm 2FA --otp

See the full diff

Package name: postcss-loader

The new version differs by 244 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (#470)
• 77449e1 test: union (#469)
• 9b75888 feat: reuse AST from other loaders (#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (#467)
• 225b2e5 refactor: do not validate `postcss` options (#466)
• 3d32c35 fix: `default` export for plugins (#465)
• 38ebe08 refactor: `execute` option (#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (#460)
• 475278c chore: move `postcss` to `peerDependencies` (#459)
• 98441ff fix: respect the `map` option and source maps (#458)
• ba88040 refactor: do not pass meta from other loaders (#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (#454)
• d8d84f7 refactor: code (#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (#451)
• 60e4f12 docs: addDependency (#448)

See the full diff

Package name: postcss-media-minmax

The new version differs by 13 commits.

• d0fe43c 5.0.0
• c6be784 Merge pull request assets.json file structure kriasoft/react-app#27 from Semigradsky/postcss-8
• d526cf3 Support PostCSS 8
• f25abff 4.0.0
• 8a254c6 Update PostCSS
• 9109000 Upgrade to PostCSS 7
• ce59e54 Merge pull request Configure Renovate - autoclosed #20 from postcss/feature/cssdb-badge
• 42ad9ec Add CSS Standard Status
• 00291bb chore: add npmpub for release
• 26cc94d Merge pull request [Snyk] Fix for 1 vulnerabilities #18 from jonathantneal/feature/postcss6
• 97e0861 3.0.0
• 470737f Update comment test
• 712582a Use PostCSS 6

See the full diff

Package name: postcss-nesting

The new version differs by 36 commits.

• 64ba9ac 8.0.0 (#75)
• 52ec2d9 build: fix output filename (#74)
• 82979ea Support postcss 8 (Bump decode-uri-component from 0.2.0 to 0.2.2 kriasoft/react-app#72)
• 643577f 7.0.1
• ab01c5c Update README.md spec link and deprecation notice
• 87c6d34 7.0.0
• 84fe507 Upgrade PostCSS to 7.0.2
• d4691eb 6.0.0
• 34a3aae Fix cssdb badge and link
• 78f9cd1 5.0.0
• f51dda6 4.2.1
• c857ccf Move transform into its own function
• 8f7122e Update dev dependencies
• 524d34e 4.2.0
• 8c13c72 Normalize CHANGELOG
• 8de8fc8 Reduce the splitting of rules
• 5e2fc78 Update devDependencies
• bfb37c3 Update README
• d868e49 Add CSS Standard Status
• 27c3311 Update gitignore
• 7afb45a Update dependencies
• 4d16c84 4.1.0
• 9dab9a6 Use spaces in Markdown files
• 7eacf48 Use mutation-safe walk method (Bump handlebars from 4.1.0 to 4.7.6 kriasoft/react-app#45)

See the full diff

Package name: postcss-selector-not

The new version differs by 24 commits.

• d25312f 5.0.0
• e439a3d Merge pull request [Snyk] Security upgrade ejs from 2.7.4 to 3.1.7 #16 from postcss/postcss-8
• 3de1907 Support PostCSS 8
• fefab08 4.0.1
• 20f8897 Merge pull request [Snyk] Fix for 1 vulnerabilities #17 from michgeek/master
• 8228db1 Add edge case about attribute selectors containing :not
• 64b10ed Merge pull request [Snyk] Security upgrade webpack from 1.15.0 to 4.0.0 #15 from postcss/Semigradsky-patch-1
• 34ff778 Update README.md
• 64862c8 Update README.md
• 12ed317 4.0.0
• a980515 Ensure escaped colons do not break selector transformations
• 0508237 Upgrade postcss version
• 77c5e7f Update README.md - cssdb stage
• 2a4964b Merge pull request [Snyk] Security upgrade markdown-it from 7.0.1 to 12.3.2 #12 from Nemo64/patch-1
• 52d9119 fixed [Snyk] Upgrade file-loader from 0.9.0 to 0.11.2 #4
• 618e446 Merge pull request [Snyk] Fix for 1 vulnerabilities #9 from postcss/feature/cssdb-badge
• d45e8c9 Add CSS Standard Status
• a85a52f 3.0.1
• 83f3c8e Fix incorrect export ([Snyk] Fix for 1 vulnerabilities #8)
• efa6b4d 3.0.0
• 075aa5c Merge pull request [Snyk] Security upgrade css-loader from 0.28.11 to 2.0.0 #7 from Semigradsky/master
• c260886 Update dependencies
• c154f29 Merge pull request [Snyk] Upgrade style-loader from 0.13.2 to 0.23.1 #2 from timaschew/patch-1
• 94858d5 typo fix

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• cf2f45f 13.7.0
• 797cc84 Prepare 13.7.0
• fb4287c Prepare changelog
• d725b88 Update dependencies
• 9401f56 Update CHANGELOG.md
• 2b7e8ad Deprecate *-blacklist/*-requirelist/*-whitelist (#4892)
• 181f3d9 Fix some path / glob problems (#4867)
• 3cfc658 Update CHANGELOG.md
• 0a17b64 Add a reportDescriptionlessDisables flag (#4907)
• 5446be2 Fix CHANGELOG.md format via Prettier (#4910)
• 260e743 Fix callbacks in tests (#4903)
• d0a150e Update CHANGELOG.md
• 2c4d77f Fix false positives for trailing combinator in selector-combinator-space-after (#4878)
• e2da124 Add coc-stylelint (#4901)
• fd1875d Update CHANGELOG.md
• e124033 Add support for *.cjs config files (#4905)
• 858dcd5 Add a reportDisables secondary option (#4897)
• 40e60ce Support multi-line disable descriptions (#4895)
• 03f494d faster levenshtein (#4874)
• a5b8277 Update CHANGELOG.md
• 9e1edfa Fix TypeError for custom properties fallback in length-zero-no-unit (#4860)
• 1e52251 Update CHANGELOG.md
• 53f5c18 Add autofix to *-no-vendor rules (#4859)
• 23c0e81 Bump @ stylelint/postcss-css-in-js from 0.37.1 to 0.37.2 (#4888)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic