[Snyk] Fix for 1 vulnerabilities

[eitanno]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 71 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (#860)
• e7525c9 test: nested url (#859)
• 7259faa test: css hacks (#858)
• 5e6034c feat: allow to filter import at-rules (#857)
• 5e702e7 feat: allow filtering urls (#856)
• 9642aa5 test: css stuff (#855)
• 3338656 fix: reduce number of require for url (#854)
• 533abbe test: issue 636 (#853)
• 08c551c refactor: better warning on invalid url resolution (#852)
• b0aa159 test: issue #589 (#851)
• f599c70 fix: broken unucode characters (#850)
• 1e551f3 test: issue 286 (#849)
• 419d27b docs: improve readme (#848)
• d94a698 refactor: webpack-default (#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (#845)
• 8a6ea10 refactor: postcss plugins (#844)
• fdcf687 fix: url resolving logic (#843)
• 889dc7f feat: allow to disable css modules and disable their by default (#842)
• ee2d253 test: importLoaders option (#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (#840)
• fe94ebc test: icss reserved keywords (#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (#838)

See the full diff

Package name: postcss-cssnext

The new version differs by 16 commits.

• 7730660 3.0.1
• 483b81f Fixed: specify the actual require peer dependency for caniuse database (caniuse-lite is used since latest caniuse-api latest major bump)
• 50557fa Fixed: bump dependencies not updated to PostCSS@6
• efb7100 Update babel config + some devDeps to be able to build website
• 69169ac update package-lock.json to 3.0.0
• 03b6017 3.0.0
• cf9fb19 Docs: fix chalk update issue
• b7d6ffd Merge pull request #400 from MoOx/postcss6-upgrade
• 1781dc7 Docs: Fix id of overflow wrap property in index (#393)
• 8b99180 Ensure a version of caniuse-db that includes css-image-set (#380)
• db0f0fa Add a warning for custom property sets that are going to be removed + an option to hide the warning
• cc7c864 Change: support node4+ up to 8
• 7bb55c1 chore: add package-lock.json and yarn.lock files
• 20ae74d Change: upgrade to PostCSS 6
• af5f9c1 Change link to custom media queries specification
• 974e40b Fix PR link

See the full diff

Package name: postcss-fontpath

The new version differs by 27 commits.

• b70c6fb v1.0.0
• e694bff update README
• aca6515 add license
• bf9bd5e add basic formats test
• ac199ac clean up default opt application
• 9afcd78 add changelog
• 42276d1 add super basic checkPath tests
• a000457 patch checkPath if CSS string is given
• fa09df1 rebuild tests
• 92f64a7 make ie8Fix optional and off by default
• 9eec254 Merge pull request Bump nanoid from 3.1.30 to 3.2.0 #10 from perrin4869/master
• 9a0c647 Merge pull request [Snyk] Security upgrade css-loader from 1.0.0 to 2.0.0 #9 from mikestreety/master
• bdc96b9 Upgrade chai to v4
• 522f498 Fix second test
• 90b16af Upgrade gulp-mocha to v4
• f5b1e20 Fix first test
• 0f40e25 Lint JS
• cfe886b Add empty options object if undefined
• 2e5a185 Add DS_Store to gitignore
• 0695e69 Define defaults outside of export method
• a8c28f8 Replace objectAsign with deep merge
• 0706fda Join fonts with spaces, newline and comma
• 120201d Remove missing font error output
• 38e38f2 Use postcss 6

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)