[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 250 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (#1209)
• 7bfe85d chore(deps): update (#1208)
• b5c9379 feat: postcss@8 (#1204)
• 92fe103 docs: context is localIdentContext in README (#1202)
• e5a9272 chore(deps): update (#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (#1196)
• dd52931 feat: hide warning on no plugins (#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (#1180)
• ec58a7c feat: the `importLoaders` can be `string` (#1178)
• df490c7 test: sass-loader next (#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (#1176)
• 4ce556a docs: fix type (#1174)

See the full diff

Package name: postcss-import

The new version differs by 24 commits.

• 7cdbb2b 13.0.0
• a189892 Update dependency sugarss to v3 (Adding Electron Support dojo/cli-build-app#433)
• 64d57af Update dependency postcss-scss to v3 (Upgrade to webpack 5 dojo/cli-build-app#431)
• 4fb6746 Update dependency postcss-value-parser to v4 (Fix loading images from code split CSS and maintain dev structure/remove hashes from all dev assets dojo/cli-build-app#423)
• 19632bc Update dependency prettier to v2 (Fix bugs introduced in #416 dojo/cli-build-app#419)
• c5679db Add support for postcss v8 (Proxy configuration not being honored dojo/cli-build-app#432)
• d288ea3 BREAKING: Require Node 10 or later; update CI config (Source map paths are flattened dojo/cli-build-app#429)
• 21ad9eb Configure Renovate (Unable to use dependencies installed using npm link dojo/cli-build-app#411)
• 614fb64 Fix linting
• 3a7f728 Update prettier to version 1.19.1 (Dont resolve promises on continuous processes dojo/cli-build-app#408)
• 7680182 Update prettier to version 1.18.0 (Use eslint for consumer code dojo/cli-build-app#398)
• 25013d6 chore(package): update prettier to version 1.17.0 (Display BTR logging in console output dojo/cli-build-app#393)
• 87f4320 Update eslint-plugin-import to version 2.17.1 (Compile legacy and modern builds in a single pass dojo/cli-build-app#395)
• 56516e7 Actually fix sourcmap test
• 93b7af8 Fix sourcemap tests
• d68f50a Update ava to version 1.0.1 (Remove ".bundle." from filenames dojo/cli-build-app#384)
• 00e2d03 Update LICENSE (Update postcss-preset-env dependency dojo/cli-build-app#383)
• eb7ff85 Update prettier to version 1.15.0 (Bump acorn from 5.7.3 to 5.7.4 dojo/cli-build-app#382)
• 397cc44 12.0.1
• 67f4553 Set plugin property on dependency messages (Fix cldr path for windows dojo/cli-build-app#380)
• f98dd1a Update eslint-plugin-prettier to version 3.0.0 (add support to tslint.json linterOptions.exclude dojo/cli-build-app#377)
• 85c7e6a Update sugarss to version 2.0.0 (Remove css rule for dts loader dojo/cli-build-app#375)
• a9a7ab2 Loosen prettier dependency to use ~ instead of pinning versions
• 20dd08f Remove npmpub; doesn't work with npm 2FA --otp

See the full diff

Package name: postcss-loader

The new version differs by 39 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (Update source map loader dependency dojo/cli-build-app#470)
• 77449e1 test: union (build fails after upgrading to v7 when there are widgets that use i18n with horrible error message dojo/cli-build-app#469)
• 9b75888 feat: reuse AST from other loaders (BTR should skip tel links dojo/cli-build-app#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (Prepend main css file to the main bundle's css file dojo/cli-build-app#467)
• 225b2e5 refactor: do not validate `postcss` options (Pass features map down to BTR dojo/cli-build-app#466)
• 3d32c35 fix: `default` export for plugins (Update Dependencies dojo/cli-build-app#465)
• 38ebe08 refactor: `execute` option (Bump postcss from 8.1.7 to 8.2.10 dojo/cli-build-app#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (Update webpack-contrib to 8.0.0-beta.2 dojo/cli-build-app#460)
• 475278c chore: move `postcss` to `peerDependencies` (Add the ability to store resources against individual pages in the cache for Build Time Render dojo/cli-build-app#459)
• 98441ff fix: respect the `map` option and source maps (Bump ssri from 6.0.1 to 6.0.2 in /test-app dojo/cli-build-app#458)
• ba88040 refactor: do not pass meta from other loaders (Builds fail with web3 dojo/cli-build-app#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (Test linux build master dojo/cli-build-app#454)
• d8d84f7 refactor: code (Update package-lock dojo/cli-build-app#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (Bump elliptic from 6.5.3 to 6.5.4 dojo/cli-build-app#451)
• 60e4f12 docs: addDependency (On my local machine i have problems to run the dojo "npm run build" command, please help, on other machines it just runs fine dojo/cli-build-app#448)

See the full diff

Package name: postcss-preset-env

The new version differs by 4 commits.

• 5ba7cdb 6.0.1
• 63f0659 6.0.0
• 499e144 Add configuring section
• 03ed59c Add more docs about autoprefixer

See the full diff

Package name: stylelint

The new version differs by 250 commits.

• cf2f45f 13.7.0
• 797cc84 Prepare 13.7.0
• fb4287c Prepare changelog
• d725b88 Update dependencies
• 9401f56 Update CHANGELOG.md
• 2b7e8ad Deprecate *-blacklist/*-requirelist/*-whitelist (#4892)
• 181f3d9 Fix some path / glob problems (#4867)
• 3cfc658 Update CHANGELOG.md
• 0a17b64 Add a reportDescriptionlessDisables flag (#4907)
• 5446be2 Fix CHANGELOG.md format via Prettier (#4910)
• 260e743 Fix callbacks in tests (#4903)
• d0a150e Update CHANGELOG.md
• 2c4d77f Fix false positives for trailing combinator in selector-combinator-space-after (#4878)
• e2da124 Add coc-stylelint (#4901)
• fd1875d Update CHANGELOG.md
• e124033 Add support for *.cjs config files (#4905)
• 858dcd5 Add a reportDisables secondary option (#4897)
• 40e60ce Support multi-line disable descriptions (#4895)
• 03f494d faster levenshtein (#4874)
• a5b8277 Update CHANGELOG.md
• 9e1edfa Fix TypeError for custom properties fallback in length-zero-no-unit (#4860)
• 1e52251 Update CHANGELOG.md
• 53f5c18 Add autofix to *-no-vendor rules (#4859)
• 23c0e81 Bump @ stylelint/postcss-css-in-js from 0.37.1 to 0.37.2 (#4888)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic