Update dependencies

[patricksmms]

Most of the dependencies are outdated.

Some of them don't include license files, therefore can't be used legally, but in their latest versions that has been cleared out.

Also some have been renamed and have modified APIs:
babel-code-frame -> @babel/code-frame
postcss-modules-scope -> postcss-icss-composes
postcss-modules-values -> postcss-icss-values

[alexander-akait]

Impossible solve now, we use old css modules specification, you point on ICSS spec what is not stable

[alexander-akait]

Only babel-code-frame can be updated

[patricksmms]

Oh. Then unfortunately we won't be able to use css-loader, as not all of its dependencies have license files in their packages (a legal requirement).

[alexander-akait]

@patricksmms this packages have license field (with MIT) and it is enough for legal reasons

[patricksmms]

It's not. MIT license requires the inclusion of the full license in all the copies of the software, as clearly stated

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
https://opensource.org/licenses/MIT

[alexander-akait]

@patricksmms feel free to send a PR to old version plugins and we update their here

[alexander-akait]

License problem with css-selector-tokenizer already solved, you can send a PR with updated version here

[patricksmms]

Once we have postcss-modules-scope@1.3.1 and postcss-modules-values@1.1.1 published, with the license files, we can update the dependencies as follows:

  "dependencies": {
    "@babel/code-frame": "^7.0.0",
    "css-selector-tokenizer": "^0.7.1",
    "icss-utils": "^3.0.1",
    "loader-utils": "^1.1.0",
    "lodash": "^4.17.11",
    "postcss": "^6.0.23",
    "postcss-modules-extract-imports": "^2.0.0",
    "postcss-modules-local-by-default": "^1.2.0",
    "postcss-modules-scope": "^1.1.1",
    "postcss-modules-values": "^1.3.1",
    "postcss-value-parser": "^3.3.1",
    "source-list-map": "^2.0.1"
  },
  "devDependencies": {
    "codecov": "^3.1.0",
    "eslint": "5.8.0",
    "istanbul": "^0.4.5",
    "mocha": "^5.2.0",
    "should": "^13.2.3",
    "standard-version": "^4.4.0"
  },

and change the line 229 of lib/processCss.js to:

'\n\n' + formatCodeFrame.codeFrameColumns(source, { start: { line: loc.line, column: loc.column } }) + '\n';

[alexander-akait]

Yep

[alexander-akait]

Done in master, will be release in near future

[ghost]

Shouldn't loader-utils dependency be updated in the master branch?
I think it should be 1.1.0 but it's 1.0.2

[alexander-akait]

@sepikas We use "loader-utils": "^1.0.2", so updating or installation always fetch latest version, please read about semver and how dependencies work in package.json