[Snyk] Security upgrade css-loader from 0.28.4 to 1.0.0 by snyk-bot · Pull Request #54 · harunpehlivan/JavaScriptServices

snyk-bot · Sep 13, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- templates/ReactReduxSpa/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 41 commits.

43179a8 chore(release): 1.0.0
3d53968 Merge remote-tracking branch 'origin/master'
240db53 version 1.0 (Duplicate identifiers in FetchData.tsx aspnet/JavaScriptServices#742)
1b7acf7 Merge remote-tracking branch 'origin/master'
1703721 docs(README): add more context to `localIdentName` (Using asp-prerender-module with Office 365 Fabric and React aspnet/JavaScriptServices#711)
1c51265 docs(README): fix malformed emoji (Is it possible to pass arbitrary .NET types including delegates? aspnet/JavaScriptServices#701)
50f8ec0 Merge remote-tracking branch 'origin/master'
07444ad tests: css custom variables (.netcore Anguar2: main-server.js and main-client.js are not getting refreshed on component changes aspnet/JavaScriptServices#709)
3de8aa7 tests: css custom variables (.netcore Anguar2: main-server.js and main-client.js are not getting refreshed on component changes aspnet/JavaScriptServices#709)
df497db chore(release): 0.28.11
c788450 fix(lib/processCss): don't check `mode` for `url` handling (`options.modules`) (tsx - Babel loader in webpack.config.js aspnet/JavaScriptServices#698)
c35d8bd chore(release): 0.28.10
9f876d2 fix(getLocalIdent): add `rootContext` support (`webpack >= v4.0.0`) (templates/ReactReduxSpa uses ExtractTextPlugin in development mode aspnet/JavaScriptServices#681)
0452f26 test: hashes inside `@ font-face` url (HMR duplicating the app root when changing html or scss, working normal when changing ts ONLY aspnet/JavaScriptServices#678)
630579d chore(release): 0.28.9
604bd4b chore(package): update dependencies
d1d8221 fix: ignore invalid URLs (`url()`) (redux store created AFTER router match while doing server-side rendering in ReactReduxSpa aspnet/JavaScriptServices#663)
0fc46c7 chore(release): 0.28.8
333a2ce chore(package): update `dependencies`
39773aa ci(travis): use `npm`
8897d44 fix: proper URL escaping and wrapping (`url()`) (Call to Node module failed with error: If you use aspnet-prerendering >= 2.0.0, you must update your server-side boot module to call createServerRenderer. Either update your boot module code, or revert to aspnet-prerendering version 1.x aspnet/JavaScriptServices#627)
0dccfa9 fix(loader): correctly check if source map is `undefined` (sudden issue with webpack middleware aspnet/JavaScriptServices#641)
d999f4a docs: Update importLoaders documentation (Angular2 forms error when using JavaScriptServices/Universal aspnet/JavaScriptServices#646)
05c36db test: removed redundant `modules` argument (I suggest using the release github feature aspnet/JavaScriptServices#599)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

fix: templates/ReactReduxSpa/package.json to reduce vulnerabilities

2b76348

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade css-loader from 0.28.4 to 1.0.0#54

[Snyk] Security upgrade css-loader from 0.28.4 to 1.0.0#54
snyk-bot wants to merge 1 commit intodevharunpehlivan/JavaScriptServices:devfrom
snyk-fix-d990c193eac31b7e5639aa893438f9b8harunpehlivan/JavaScriptServices:snyk-fix-d990c193eac31b7e5639aa893438f9b8Copy head branch name to clipboard

snyk-bot commented Sep 13, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Search code, repositories, users, issues, pull requests...

Conversation

snyk-bot commented Sep 13, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant