[Snyk] Fix for 1 vulnerabilities

[jydmyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 15 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (Rename about-collaborative-development-models.md to collaborative-dev… github/docs#1209)
• 7bfe85d chore(deps): update (add container registry preview image github/docs#1208)
• b5c9379 feat: postcss@8 (This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit. github/docs#1204)
• 92fe103 docs: context is localIdentContext in README ([GitHub Desktop] Stashing changes feature github/docs#1202)
• e5a9272 chore(deps): update ([GitHub Desktop] Disabling repo indicators feature github/docs#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (chore: Upgrade actions/cache to v2.1.3 github/docs#1196)
• dd52931 feat: hide warning on no plugins (فح github/docs#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (Remove note about package immutability github/docs#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (SSH file to "id_ed25519.pub" github/docs#1189)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

[socket-security]

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Packages	Version	New capabilities	Transitives	Size	Publisher
strip-ansi	6.0.1	None	+1	9.64 kB	sindresorhus
classnames	2.3.2	None	+0	18.8 kB	dcousens
domwaiter	1.1.0...1.4.0	network	+36/-30	7.16 MB	zeke
next	10.2.0...10.2.3	None	+109/-129	54.6 MB	zeit-bot
jest-github-actions-reporter	1.0.2...1.0.3	None	+0/-1	284 kB	cschleiden
npm-merge-driver-install	2.0.0...2.0.2	None	+2/-0	55.4 kB	brandonocasey
github-slugger	1.2.1...1.5.0	None	+0/-1	13.5 kB	wooorm
@babel/plugin-proposal-class-properties	7.12.13...7.18.6	filesystem	+26/-26	7.9 MB	nicolo-ribaudo
@primer/components	28.0.1...28.5.0	None	+37/-37	20.4 MB	primer-css
lunr-languages	1.4.0...1.13.0	None	+0/-0	2.16 MB	mihaivalentin
semver	5.7.1...5.7.2	None	+0/-0	63.3 kB	lukekarrys
pa11y-ci	2.4.0...2.4.2	None	+38/-26	9.71 MB	joseluisbolos
husky	4.2.1...4.3.8	environment	+16/-21	713 kB	typicode
glob	7.1.6...7.2.3	None	+2/-3	96.9 kB	isaacs
@graphql-tools/load	6.2.5...6.2.8	None	+27/-23	6.7 MB	ardatan
@babel/preset-react	7.12.13...7.22.15	filesystem	+30/-31	7.94 MB	nicolo-ribaudo
express-timeout-handler	2.2.0...2.2.2	None	+0/-0	6.84 kB	hilleer
babel-plugin-styled-components	1.12.0...1.13.3	None	+26/-24	12.6 MB	probablyup
@babel/plugin-transform-modules-amd	7.12.13...7.23.0	filesystem	+26/-31	7.92 MB	nicolo-ribaudo
js-yaml	3.14.0...3.14.1	None	+0/-0	291 kB	vitaly
csv-parse	4.8.8...4.16.3	environment	+0/-0	668 kB	david
@types/react-dom	17.0.3...17.0.21	None	+4/-4	1.42 MB	types
mockdate	3.0.2...3.0.5	None	+0/-0	13.8 kB	boblauer
rss-parser	3.12.0...3.13.0	None	+2/-2	2.09 MB	bobby-brennan
@babel/preset-env	7.12.13...7.22.20	shell	+109/-108	13.5 MB	nicolo-ribaudo
website-scraper	4.2.0...4.2.3	None	+23/-21	2.05 MB	s0ph1e
@babel/plugin-transform-modules-commonjs	7.12.13...7.23.0	filesystem	+26/-31	7.94 MB	nicolo-ribaudo
html-entities	1.2.1...1.4.0	None	+0/-0	68.6 kB	mdevils
@types/lodash	4.14.168...4.14.199	None	+0/-0	863 kB	types
react	17.0.1...17.0.2	None	+0/-0	291 kB	gaearon
@types/react	17.0.4...17.0.67	None	+3/-3	1.4 MB	types
date-fns	2.21.3...2.30.0	None	+2/-0	6.96 MB	kossnocorp
nodemon	2.0.4...2.0.22	None	+11/-45	616 kB	remy
@babel/core	7.12.13...7.23.0	filesystem	+24/-23	7.89 MB	nicolo-ribaudo
async	3.2.0...3.2.4	None	+0/-0	821 kB	hargasinski
express	4.17.1...4.18.2	None	+29/-17	1.23 MB	dougwilson
styled-components	5.3.0...5.3.11	None	+26/-24	12.6 MB	probablyup
cross-env	7.0.2...7.0.3	None	+0/-1	29.1 kB	kentcdodds
hot-shots	8.2.0...8.5.2	None	+1/-2	108 kB	bdeitte
@babel/runtime	7.11.2...7.23.1	None	+1/-1	275 kB	nicolo-ribaudo
resolve-url-loader	3.1.2...5.0.0	environment	+8/-25	808 kB	bholloway
replace	1.2.0...1.2.2	None	+8/-9	95.1 kB	almaclaine
morgan	1.9.1...1.10.0	None	+0/-1	29.7 kB	dougwilson
helmet	3.21.2...3.23.3	None	+2/-6	329 kB	evanhahn
jest-expect-message	1.0.2...1.1.3	None	+0/-0	12.7 kB	mattphillips
webpack-cli	4.6.0...4.10.0	shell, environment	+74/-72	17.3 MB	evilebottnawi
directory-tree	2.2.6...2.4.0	None	+0/-0	11.2 kB	mihneadb
object-hash	2.0.1...2.2.0	None	+0/-0	59 kB	addaleax
robots-parser	2.1.1...2.4.0	None	+0/-0	19.4 kB	samclarke
webpack	5.30.0...5.88.2	network, shell, environment	+56/-49	16.6 MB	thelarkinn
cheerio	1.0.0-rc.3...1.0.0-rc.12	network	+12/-4	2.63 MB	feedic
start-server-and-test	1.12.0...1.15.5	environment	+21/-27	6.27 MB	bahmutov
cookie-parser	1.4.5...1.4.6	None	+1/-0	30.2 kB	dougwilson
copy-webpack-plugin	6.0.3...6.4.1	shell	+86/-84	17.9 MB	evilebottnawi
nock	13.0.4...13.3.3	None	+1/-1	222 kB	nockbot
gray-matter	4.0.2...4.0.3	None	+1/-1	330 kB	rmassaioli
react-dom	17.0.1...17.0.2	None	+2/-2	3.39 MB	gaearon
linkinator	2.13.6...2.16.2	network	+59/-76	2.12 MB	justinbeckwith
csv-parser	2.3.3...2.3.5	None	+2/-3	206 kB	trysound
sass-loader	9.0.2...9.0.3	shell	+64/-64	22.4 MB	evilebottnawi
style-loader	1.2.1...1.3.0	shell, environment	+59/-55	16.9 MB	evilebottnawi
eslint-config-standard	16.0.1...16.0.3	None	+64/-109	10.2 MB	linusu
chalk	4.1.0...4.1.2	None	+0/-3	35 kB	sindresorhus
css-loader	4.3.0...5.2.7	shell, environment	+70/-66	17.7 MB	evilebottnawi
commander	6.2.0...6.2.1	None	+0/-0	113 kB	abetomo
webpack-dev-middleware	4.1.0...4.3.0	shell, environment	+61/-53	16.9 MB	evilebottnawi
mini-css-extract-plugin	1.4.1...1.6.2	shell, environment	+59/-53	17 MB	evilebottnawi
uuid	8.3.0...8.3.2	None	+0/-0	116 kB	ctavan
babel-loader	8.1.0...8.3.0	shell	+81/-89	24.2 MB	nicolo-ribaudo
mime	2.5.2...2.6.0	None	+0/-0	60.1 kB	broofa
@graphql-inspector/core	2.3.0...2.9.0	None	+4/-2	2.45 MB	kamilkisiela
javascript-stringify	2.0.1...2.1.0	None	+0/-0	71.9 kB	blakeembrey
prettier	2.1.2...2.8.8	environment	+0/-0	11.2 MB	prettier-bot
jimp	0.16.1...0.16.13	None	+54/-46	17.2 MB	alisowski
@primer/css	16.2.0...16.3.0	None	+1/-2	7.56 MB	primer-css
liquidjs	9.22.1...9.43.0	None	+0/-0	1.29 MB	harttle
flat	5.0.0...5.0.2	None	+0/-1	26.6 kB	timoxley
eslint	7.13.0...7.32.0	eval	+46/-53	8.04 MB	eslintbot
eslint-plugin-promise	4.2.1...4.3.1	None	+0/-0	40.2 kB	xjamundx
redis	3.1.1...3.1.2	None	+1/-1	198 kB	leibale
dotenv	8.2.0...8.6.0	None	+0/-0	23.9 kB	motdotla
eslint-plugin-import	2.22.1...2.28.1	None	+61/-105	10.1 MB	ljharb
express-rate-limit	5.1.3...5.5.1	None	+0/-0	22.1 kB	nfriedly
graphql	14.6.0...14.7.0	None	+0/-0	1.83 MB	i1g
typescript	4.2.4...4.9.5	None	+0/-0	66.8 MB	typescript-bot
sass	1.26.3...1.68.0	filesystem	+3/-7	5.36 MB	sassbot
aws-sdk	2.610.0...2.1467.0	environment	+18/-6	88.5 MB	aws-sdk-bot

🚮 Removed packages: @actions/[email protected], @babel/[email protected], @babel/[email protected], [email protected], [email protected], [email protected]

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Protestware/Troll package	styled-components	5.3.11	Note: This package prints a protestware console message regarding Ukraine for users with Russian language locale	@primer/[email protected], [email protected] via package.json package.json

Next steps

What is protestware and troll packages?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package my come along with functionality unrelated to its primary purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore [email protected]