[Snyk] Fix for 13 vulnerabilities #15

panickervinod · 2022-10-05T20:24:19Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
409/1000 Why? Has a fix available, CVSS 3.9	Cross-site Scripting (XSS) SNYK-JS-ANGULARCORE-1070902	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
701/1000 Why? Mature exploit, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	No	Mature
711/1000 Why? Mature exploit, Has a fix available, CVSS 6.5	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	No	Mature
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Directory Traversal SNYK-JS-MOMENT-2440688	No	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 67 commits.

634ab49 chore(release): 2.0.0
6ade2d0 refactor: remove unused file (#860)
e7525c9 test: nested url (#859)
7259faa test: css hacks (#858)
5e6034c feat: allow to filter import at-rules (#857)
5e702e7 feat: allow filtering urls (#856)
9642aa5 test: css stuff (#855)
3338656 fix: reduce number of require for url (#854)
533abbe test: issue 636 (#853)
08c551c refactor: better warning on invalid url resolution (#852)
b0aa159 test: issue DEA11Y-24 bcgov/MyGovBC-MSP#589 (#851)
f599c70 fix: broken unucode characters (#850)
1e551f3 test: issue 286 (#849)
419d27b docs: improve readme (#848)
d94a698 refactor: webpack-default (#847)
b97d997 feat: schema options
453248f fix: support module resolution in composes (#845)
8a6ea10 refactor: postcss plugins (#844)
fdcf687 fix: url resolving logic (#843)
889dc7f feat: allow to disable css modules and disable their by default (#842)
ee2d253 test: importLoaders option (#841)
1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
fe94ebc test: icss reserved keywords (#839)
9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)