[Snyk] Fix for 10 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • large-file/package.json
  • large-file/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-HAWK-2808852	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	No	Proof of Concept
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	644/1000 Why? Has a fix available, CVSS 8.6	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Denial of Service (DoS) SNYK-JS-JSZIP-1251497	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	621/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6	Prototype Pollution SNYK-JS-PATHVAL-596926	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 71 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#860)
• e7525c9 test: nested url ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#859)
• 7259faa test: css hacks ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.9 snyk-fixtures/npm-lockfiles#858)
• 5e6034c feat: allow to filter import at-rules ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#857)
• 5e702e7 feat: allow filtering urls ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#856)
• 9642aa5 test: css stuff ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#855)
• 3338656 fix: reduce number of require for url ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#854)
• 533abbe test: issue 636 ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#853)
• 08c551c refactor: better warning on invalid url resolution ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#852)
• b0aa159 test: issue [Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#589 ([Snyk(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#851)
• f599c70 fix: broken unucode characters ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#850)
• 1e551f3 test: issue 286 ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#849)
• 419d27b docs: improve readme ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#848)
• d94a698 refactor: webpack-default ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#845)
• 8a6ea10 refactor: postcss plugins ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#844)
• fdcf687 fix: url resolving logic ([Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.9 snyk-fixtures/npm-lockfiles#843)
• 889dc7f feat: allow to disable css modules and disable their by default ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#842)
• ee2d253 test: importLoaders option ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#840)
• fe94ebc test: icss reserved keywords ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#838)

See the full diff

Package name: gh-got

The new version differs by 21 commits.

• 718356e 10.0.0
• 24abafe Require Node.js 14 and move to ESM
• 2902a01 Move to GitHub Actions ([Snyk] Security upgrade node-fetch from 1.7.3 to 3.2.10 #41)
• a9020db Mention official packages in the readme ([Snyk] Security upgrade mongoose from 4.2.4 to 6.4.6 #40)
• 3d68bf6 9.0.0
• 5c4a263 Require Node.js 10
• e17687a Update to Got 10 ([Snyk] Security upgrade file-type from 8.1.0 to 16.5.4 #38)
• 1e062bd Create funding.yml
• bf13dc2 8.1.0
• 6c418ab Add `.rateLimit` property to responses and errors ([Snyk] Security upgrade moment from 2.22.1 to 2.29.4 #34)
• 11e621b Meta tweaks
• a66fa03 Remove duplicated code ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #32)
• e59a7ba 8.0.1
• c5491da Don't override `authorization` header if it already exists ([Snyk] Security upgrade hawk from 5.0.0 to 9.0.1 #33)
• d20f61c 8.0.0
• 402f07d Update to Got 9, rename `endpoint` option, and require Node.js 8 ([Snyk] Security upgrade snyk from 1.389.0 to 1.680.0 #29)
• a73bca8 7.1.0
• a9b31de Support `options.endpoint` without trailing slash ([Snyk] Security upgrade tap from 5.8.0 to 11.1.3 #30)
• 9c7597c Improve usage examples in the readme
• 33ad432 7.0.0
• fb8f3fa Bump to `got` 8

See the full diff

Package name: github-username

The new version differs by 9 commits.

• a1c09b8 6.0.0
• 1c1a48c Require Node.js 10
• 9e95e07 Migrate to `@ octokit/rest` ([Snyk] Fix for 25 vulnerabilities #12)
• 2640b0d 5.0.1
• c353a93 TypeScript - Properly mark `token` as optional ([Snyk] Security upgrade adm-zip from 0.4.7 to 0.5.2 #10)
• 929895f Create funding.yml
• 0fbe5a7 5.0.0
• 1de6d8f Meta tweaks
• fe861db Require Node.js 8, add TypeScript definition ([Snyk] Fix for 9 vulnerabilities #9)

See the full diff

Package name: got

The new version differs by 250 commits.

• 5e17bb7 11.8.5
• bce8ce7 Backport 861ccd9ac2237df762a9e2beed7edd88c60782dc
• 8ced192 Fix build
• 670eb04 11.8.4
• 20f29fe Backport [Snyk-dev] Fix for 1 vulnerabilities snyk-fixtures/npm-lockfiles#1543: Initialize globalResponse in case of ignored HTTPError ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#2017)
• 0da732f 11.8.3
• 9463bb6 Bump cacheable-request dependency ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#1921)
• 0e167b8 HTTPError code set to 'HTTPError' [Snyk(Unlimited)] Upgrade @thebespokepixel/string from 0.5.2 to 0.5.10 snyk-fixtures/npm-lockfiles#1711 ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1739)
• f896aa5 11.8.2
• 3bd245f Instantiate CacheableLookup only when needed ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1529)
• a72ed84 11.8.1
• 4c815c3 Do not throw on custom stack traces ([Snyk(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.15 snyk-fixtures/npm-lockfiles#1491)
• e0cb820 11.8.0
• f65c9ef Upgrade dependencies
• 7acd380 Fix for sending files with size `0` on `stat` ([Snyk(Unlimited)] Upgrade @thebespokepixel/es-tinycolor from 0.3.1 to 0.3.2 snyk-fixtures/npm-lockfiles#1488)
• 6aa86f2 Fix indentation in the readme
• 3dd2273 `beforeRetry` allows stream body if different from original ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#1501)
• b1afa2b Fix readme example comment ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#1505)
• 390b145 Set default value for an options object ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#1495)
• 87dadd5 Fixed documentation example for `responseType` ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#1494)
• 3bf3e3b Add `lookup` option documentation ([Snyk(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#1483)
• c31366b Add a test for [Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#1438 ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#1469)
• 5d62958 11.7.0
• 88b32ea Fix a regression where body was sent after redirect

See the full diff

Package name: hawk

The new version differs by 101 commits.

• f1426e4 Fix host parsing
• d10d72c Merge pull request [Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#286 from lotas/regex-exploit-fix
• ade1341 Parse URLs using stdlib
• aa5e09e 9.0.0
• c61eedd Merge pull request [Snyk-local(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#279 from mozilla/remove-browser
• 0b684f4 Remove remnants of the browser-specific version
• 09d27b0 Merge pull request [Snyk-local(Unlimited)] Upgrade term-ng from 0.8.1 to 0.8.5 snyk-fixtures/npm-lockfiles#277 from mozilla/issue276
• 51c08e2 Do not require @ hapi/sntp anymore
• cf105e0 fix require() in API.js
• 58ba9c8 Merge pull request [Snyk-local(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#275 from mozilla/issue272
• 86d68ec remove Hapi plugin
• 764c97e 8.0.1
• 2621007 some history
• 866e8cb Merge pull request [Snyk-local(Unlimited)] Upgrade from thebespokepixel/es-tinycolor to thebespokepixel/es-tinycolor snyk-fixtures/npm-lockfiles#274 from mozilla/issue273
• 4772624 switch from Travis-CI to Taskcluster (and drop multiple HAPI version checks)
• 668dd86 add repo files (fixes [Snyk-local(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#271)
• 71668bc link to API in README
• ae552b5 Create codeql-analysis.yml
• 791b581 Update package.json
• d1f3f59 Update README.md
• 1e4d7f0 8.0.0
• dd54922 Update deps. Closes [Snyk-local(Unlimited)] Upgrade lodash from 4.17.10 to 4.17.11 snyk-fixtures/npm-lockfiles#267. Closes [Snyk-local(Unlimited)] Upgrade from thebespokepixel/string to thebespokepixel/string snyk-fixtures/npm-lockfiles#268
• bbd672b Merge pull request [Snyk-local(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#266 from nwhitmont/master
• ae9d31c add link to changelog

See the full diff

Package name: hosted-git-info

The new version differs by 55 commits.

• 8d4b369 chore(release): 2.8.9
• 29adfe5 fix: backport regex fix from [Snyk] Security upgrade qs from 0.0.6 to 6.2.4 #76
• afeaefd chore(release): 2.8.8
• 5038b18 fix: [Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #61 & [Snyk] Security upgrade dustjs-linkedin from 2.6.0 to 2.6.3 #65 addressing issues w/ url.URL implmentation which regressed node 6 support
• 7440afa chore(release): 2.8.7
• 2d0bb66 fix: Do not attempt to use url.URL when unavailable
• f2cdfcf fix: Do not pass scp-style URLs to the WhatWG url.URL
• e1b83df chore(release): 2.8.6
• ff259a6 Ensure passwords in hosted Git URLs are correctly escaped
• 624fd6f chore(release): 2.8.5
• e8325b5 fix: updated pathmatch for gitlab
• 4e4ea0f test: added script to get coverage report
• 4eb69eb test: removed unused testing structure
• ba44d9f test: moved all github url tests together
• 8d24551 test: added refactered tests for bitbucket
• 1fd9d66 test: added ignore; for 100% testing (this seems wonky)
• 921e6dd test: added basic test for ._fill() method
• ffe056f fix: updated pathmatch for gitlab
• 53364f9 test: added refactered tests for gists
• 888f9b4 test: added default fixtures and github specific fixtures
• 3d1ad71 chore(release): 2.8.4
• 2070453 chore: add npm dist-tag for legacy publishes
• f392f82 use var instead of let/const for ancient nodes
• cbf63b7 chore(release): 2.8.3

See the full diff

Package name: html-webpack-plugin

The new version differs by 139 commits.

• eb73905 chore(release): 4.0.0
• 42a6d4a Add typing for getHooks
• a1a37cf Release html-webpack-plugin 4.0.0-beta.14
• 97f9fb9 fix: load script files before style files files in defer script loading mode
• e97ce17 Release html-webpack-plugin 4.0.0-beta.13
• e448b5d Release html-webpack-plugin 4.0.0-beta.12
• de315eb feat: Add defer script loading
• 7df269f feat: Provide a verbose error message if html minification failed
• 1d66e53 feat: merge templateParameters with default template parameters
• dfb98e7 Fix typo in template option docts
• 096a760 Fix broken links in examples
• a195c34 docs: Update template-option documentation
• 40b410e docs: Update example for template parameters
• bf017f3 chore: Release 4.0.0-beta.11
• 2549557 test: Don't use minification for speed measurement
• de22fc2 test: Adjust measurment for node 6 on travis
• 24bf1b5 fix: Update references to html-minifier
• f4eafdc chore: Release 4.0.0-beta.10
• a2ad30a refactor: Use getAssetPath instead of calling the hook directly
• 2595a79 chore: Release 4.0.0-beta.9
• c66766c feat: Add support for minifying inline ES6 inside html templates
• 655cbcd Fix README typo
• 6de319b update lodash dependency for prototype polution vulnerability
• 35a1541 Properly encode file names emitted as part of URLs.

See the full diff

Package name: icss-utils

The new version differs by 16 commits.

• 2bfed2e Merge pull request [Snyk] Fix for 50 vulnerabilities #59 from css-modules/remove-node4-support
• 946910e drop node@4
• 726f513 Revert "drop node@4 support"
• 21495be drop node@4 support
• 228271a Merge pull request [Snyk] Fix for 62 vulnerabilities #58 from EECOLOR/master
• 54d8bc5 update postcss to version 7
• 55414c5 Merge pull request [Snyk] Security upgrade update-notifier from 2.5.0 to 6.0.0 #56 from mportuga/patch-1
• 8dc1425 chore(LICENSE.md): Add missing license file.
• 911bfc6 3.0.1
• c4da800 Do not require quotes on rules creation
• f40da13 3.0.0
• 19ffee9 Allow selectors replacements and disallow with . or #
• 4fd013f Disallow . and # replacements and allow class name and id replacement
• 2411980 Upgrade dependencies
• 1100b7e Trim quote from import path
• f3b7f93 Split replace value symbols test

See the full diff

Package name: json-schema

The new version differs by 27 commits.

• f6f6a3b Use a little more robust method of checking instances
• ef60987 Update version
• b62f1da Protect against constructor modification, [Snyk] Fix for 1 vulnerabilities #84
• fb427cd Link to json-schema-org repository in addition to site, fixes [Snyk] Fix for 50 vulnerabilities #54
• 22f1461 Don't allow __proto__ property to be used for schema default/coerce, fixes [Snyk] Fix for 1 vulnerabilities #84
• c52a27c Get basic test to pass
• b3f42b3 Add security policy
• 3b0cec3 Update version
• c28470f Update readme to acknowledge the state of the package
• 7dff9cd Merge pull request [Snyk] Security upgrade undefsafe from 1.3.1 to 2.0.5 #81 from hodovani/patch-1
• ae602f0 Remove typeof comparing to undefined
• 1e4c8aa Update version
• 55a6a1b Updated licenses in source files, fixes [Snyk] Fix for 62 vulnerabilities #62
• 6b8b8ca Merge pull request [Snyk] Fix for 1 vulnerabilities #66 from technical-team/additional-props-message
• 431200e Merge pull request [Snyk] Fix for 1 vulnerabilities #70 from damehta/master
• f4cf71d Merge pull request [Snyk] Fix for 1 vulnerabilities #78 from mvandervliet/spdx_license_text
• 27848fc Merge pull request [Snyk] Fix for 1 vulnerabilities #80 from paazmaya/79-add-files-property
• f31090b Defined files property
• 4f3db68 Updated LICENSE text to use SPDX license identifiers where applicable
• eef3d20 Merge pull request [Snyk] Security upgrade tap from 11.1.3 to 15.0.0 #61 from piotr1212/master
• 2cd9889 Merge pull request [Snyk] Security upgrade body-parser from 1.9.0 to 1.19.2 #77 from camillem/patch-1
• 3ccbf04 Updating deprecated licenses field
• 24c4ed1 Merge pull request [Snyk] Security upgrade snyk from 1.389.0 to 1.1064.0 #72 from CDanU/master
• 81ca359 specifies license type (BSD -> BSD 3-Clause)

See the full diff

Package name: json5

The new version differs by 91 commits.

• a62db1e 1.0.2
• e0c23fe docs: update CHANGELOG for v1.0.2
• 62a6540 fix: add __proto__ to objects and arrays
• 072eb40 1.0.1
• e7bdcd1 Update CHANGELOG for v1.0.1
• 342d575 Remove package.json5 file
• 0336c9c Fix unclosed object and array bug
• 25929ab Fix typo in API documentation
• 607c18f Readme: fix typo in attribution. [skip ci]
• 1d64ece 1.0.0
• ef1f94a Fix headings in README
• 1c5d18d Remove remnant in README
• d904cd6 Update dependencies
• 156ae20 Add contributing guidelines
• f920edc Update CHANGELOG for v1.0
• 4c7fbd2 Update README for v1.0
• 5cbd656 Update copyright year
• 1d1c92d Explain STDIN and STDOUT using in CLI
• a95ec35 Update package.json5 with coverage integration
• f60448e Integrate Coveralls
• d17173c 1.0.0-beta.4
• d828908 Fix and ensure signed numbers are parsed properly
• dc2cfbc Make all tests run
• ad03a13 Test on Node v9

See the full diff

Package name: jsprim

The new version differs by 1 commits.

• 5c8475f Backport json-schema 0.4.0 to version 1.4.x TritonDataCenter/node-jsprim#35 Backport json-schema 0.4.0 to version 1.4.x

See the full diff

Package name: loader-utils

The new version differs by 36 commits.

• ba4f0d0 chore(release): 1.2.0 ([Snyk] Fix for 1 vulnerabilities #131)
• c5c7322 test: more ([Snyk] Security upgrade karma from 2.0.3 to 5.0.8 #132)
• c17d9cd refactor: migrate on `jest` ([Snyk] Fix for 29 vulnerabilities #130)
• 3a854ba style: integrate prettier
• 0f2b227 chore(deps): update
• 914c09f chore(deps): update
• db92b11 chore(deps): update `dev` dependencies
• ad3a6b2 chore(deps): update `dev` dependencies
• 3b6b8ff feat: support `[contenthash]`
• 6982934 feat: support `[contenthash]`
• 6fb379f ci: test on windows
• 7485ded ci: test on windows
• ad3c359 fix(isUrlRequest): ignore `about:blank`
• ac05880 fix(isUrlRequest): ignore `about:blank`
• 47e2e02 fix: ignore all nonstandard extension protocols
• dd9326b fix: ignore all nonstandard extension protocols
• 822f518 ci: more nodejs versions
• 083187a ci: more nodejs versions
• 67499ff Merge pull request [Snyk] Security upgrade app-migrations from 0.2.0 to 3.1.6 #94 from rsms/fix-hash-regex
• 5854d87 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #96 from zacharyvoase/patch-1
• 5f11a9f Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #98 from gflandre/fix-web-extensions-protocols
• a18d1a4 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 15.0.0 #100 from embrace-io/master
• 8b7834a Merge pull request [Snyk] Fix for 2 vulnerabilities #91 from asmundg/explode-when-out-of-emoji
• eb641cc Parse string for emoji count before use

See the full diff

Package name: pathval

The new version differs by 12 commits.

• db6c3e3 chore: v1.1.1
• 7859e0e Merge pull request [Snyk] Fix for 50 vulnerabilities #60 from deleonio/fix/vulnerability-prototype-pollution
• 49ce1f4 style: correct rule in package.json
• c77b9d2 fix: prototype pollution vulnerability + working tests
• 49031e4 chore: remove very old nodejs
• 57730a9 chore: update deps and tool configuration
• a123018 Merge pull request [Snyk] Fix for 18 vulnerabilities #55 from chaijs/remove-lgtm
• 07eb4a8 Delete MAINTAINERS
• a0147cd Merge pull request [Snyk] Fix for 50 vulnerabilities #54 from astorije/patch-1
• aebb278 Center repo name on README
• 70dc0a5 Merge pull request [Snyk] Security upgrade tap from 5.8.0 to 14.6.8 #45 from lucasfcosta/update-docs-for-set
• 69b05d9 docs: explicitly mention that setPathValue returns the target object

See the full diff

Package name: postcss-loader

The new version differs by 30 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) ([Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#375)
• 114db12 docs(README): add autoprefixing example ([Snyk(Unlimited)] Upgrade truwrap from 0.8.1 to 0.8.4 snyk-fixtures/npm-lockfiles#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI ([Snyk(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) ([Snyk(Unlimited)] Upgrade verbosity from 0.9.2 to 0.10.1 snyk-fixtures/npm-lockfiles#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` ([Snyk(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#379)

See the full diff

Package name: postcss-modules-extract-imports

The new version differs by 5 commits.

• 797d678 remove node@4 support ([Snyk] Fix for 3 vulnerabilities #151)
• 1ab8eb1 update postcss to version 7 ([Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #150)
• e286ada up version
• 6d55f5c Added LICENSE file ([Snyk] Security upgrade ejs from 1.0.0 to 3.1.10 #149)
• e017f1c Add jest and prettier ([Snyk] Security upgrade express from 4.16.0 to 4.19.2 #145)

See the full diff

Package name: postcss-modules-local-by-default

The new version differs by 2 commits.

• ef87adb chore(release): 2.0.0
• 82e4865 chore(deps): update

See the full diff

Package name: postcss-modules-scope

The new version differs by 5 commits.

• 41f5b08 chore(deps): update
• 652d61f chore(deps): update
• 68affb4 fix: add license
• 8175ed2 chore(package): update license file
• e3dda1e fix(package): add license file

See the full diff

Package name: postcss-modules-values

The new version differs by 5 commits.

• 1383b62 Merge pull request [Snyk] Fix for 11 vulnerabilities #1 from css-modules/chore-deps-update
• e995f11 chore(deps): update
• cf3b45b chore(release): 1.3.1
• 5fd1fac fix: add license
• c09bf9d fix(package): add license file

See the full diff

Package name: prompts

The new version differs by 99 commits.

• 66ccf0b 2.4.2
• 8ee1061 Update dependencies
• bf39500 [Security] Fix ReDoS ([Snyk-local(Unlimited)] Upgrade from thebespokepixel/meta to thebespokepixel/meta snyk-fixtures/npm-lockfiles#333)
• 22fe104 2.4.1
• 771ff1d fix(text-input): make cursor reflect current position ([Snyk(Unlimited)] Upgrade adm-zip from 0.4.7 to 0.4.13 snyk-fixtures/npm-lockfiles#300)
• 6e11c76 Added gh size action ([Snyk(Unlimited)] Upgrade qs from 0.0.6 to 0.6.6 snyk-fixtures/npm-lockfiles#286)
• 972fbb2 2.4.0
• f437308 Update sisteransi
• 53ab834 handle escape as exit + clearFirst featue for autocomplete ([Snyk-local(Unlimited)] Upgrade @thebespokepixel/meta from 0.2.3 to 0.2.5 snyk-fixtures/npm-lockfiles#280)
• 9628ebe Fixes [Snyk-local(Unlimited)] Upgrade from thebespokepixel/es-tinycolor to thebespokepixel/es-tinycolor snyk-fixtures/npm-lockfiles#274: remove internal use of process.stdout ([Snyk-local(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#275)
• a90d118 fix(inject): treat undefined in inject as initial value ([Snyk-local(Unlimited)] Upgrade color-convert from 1.9.2 to 1.9.3 snyk-fixtures/npm-lockfiles#266)
• abe3c01 Loop cursor on all select-style prompts ([Snyk-local(Unlimited)] Upgrade sgr-composer from 0.5.0 to 0.5.3 snyk-fixtures/npm-lockfiles#270)
• 6c51699 Fixed HTML ([Snyk-local(Unlimited)] Upgrade from thebespokepixel/meta to thebespokepixel/meta snyk-fixtures/npm-lockfiles#272)
• be513e2 Bump lodash from 4.17.15 to 4.17.19 ([Snyk-local(Unlimited)] Upgrade from thebespokepixel/string to thebespokepixel/string snyk-fixtures/npm-lockfiles#268)
• 2d776bb Fixes [Snyk(Unlimited)] Upgrade node-uuid from 1.4.0 to 1.4.8 snyk-fixtures/npm-lockfiles#257: Add stdin and stdout to the docs ([Snyk-local] Fix for 4 vulnerable dependencies snyk-fixtures/npm-lockfiles#258)
• b1dd6b1 Update sisteransi
• 603e823 2.3.2
• 4230144 Update dependencies
• a3ea77d autocomplete: fix bold symbols ([Snyk(Unlimited)] Upgrade debug from 2.0.0 to 2.6.9 snyk-fixtures/npm-lockfiles#255)
• 71e1512 Update funding.yml
• ed765bc Create funding.yml
• 2047fcd 2.3.1