[Snyk] Upgrade ts-loader from 6.2.1 to 9.3.1

[snyk-bot]

Snyk has created this PR to upgrade ts-loader from 6.2.1 to 9.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 48 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-06-22.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: ts-loader

• 9.3.1 - 2022-06-22
  
  • Bug fix: Generate declaration files for js files if allowJs is set to true [#1260] - thanks @ hediet and @ mvilliger
• 9.3.0 - 2022-04-30
  
  • simplify configuration for fork-ts-checker-webpack-plugin - thanks @ piotr-oles
• 9.2.9 - 2022-04-26
  
  • make v9 latest following v8 release - thanks @ johnnyreilly
• 9.2.8 - 2022-03-11
  
  • Bug fix: support webpack 5 in ts-loader [#1438] - thanks @ einatbar
• 9.2.7 - 2022-03-01
  
  • cater for change in resolveTypeReferenceDirective API in TypeScript 4.7 [#1421] - thanks @ johnnyreilly and @ cspotcode for inspiration in ts-node work here: TypeStrong/ts-node#1648
• 9.2.6 - 2021-09-20
  
  • Docs fix for thread-loader / history - thanks @ johnnyreilly
• 9.2.5 - 2021-08-03
  
  • Add function to get the latest program - thanks @ Zn4rK
• 9.2.4 - 2021-07-24
  
  • Fix undefined configPath now falls back to default - thanks @ johnnyreilly
• 9.2.3 - 2021-06-06
  
  • Fix error message for invalid getCustomTransformers modules - thanks @ blaky
• 9.2.2 - 2021-05-22
• 9.2.1 - 2021-05-19
• 9.2.0 - 2021-05-18
• 9.1.2 - 2021-05-05
• 9.1.1 - 2021-04-24
• 9.1.0 - 2021-04-22
• 9.0.2 - 2021-04-20
• 9.0.1 - 2021-04-20
• 9.0.0 - 2021-04-18
• 8.4.0 - 2022-04-26
  

  v8.4.0

  • fix: cater for change in resolveTypeReferenceDirective API in 4.7 - thanks @ dragomirtitian
  • This is a backport from v9.2.7 for webpack 4 compatibility
• 8.3.0 - 2021-05-19
• 8.2.0 - 2021-04-23
• 8.1.0 - 2021-03-28
• 8.0.18 - 2021-03-11
• 8.0.17 - 2021-02-10
• 8.0.16 - 2021-02-08
• 8.0.15 - 2021-02-04
• 8.0.14 - 2021-01-05
• 8.0.13 - 2020-12-31
• 8.0.12 - 2020-12-11
• 8.0.11 - 2020-11-09
• 8.0.10 - 2020-11-07
• 8.0.9 - 2020-11-04
• 8.0.8 - 2020-11-04
• 8.0.7 - 2020-10-24
• 8.0.6 - 2020-10-20
• 8.0.5 - 2020-10-13
• 8.0.4 - 2020-09-19
• 8.0.3 - 2020-08-24
• 8.0.2 - 2020-08-01
• 8.0.1 - 2020-07-15
• 8.0.0 - 2020-07-08
• 7.0.5 - 2020-05-24
• 7.0.4 - 2020-05-11
• 7.0.3 - 2020-05-07
• 7.0.2 - 2020-04-30
• 7.0.1 - 2020-04-20
• 7.0.0 - 2020-04-15
• 6.2.2 - 2020-03-22
• 6.2.1 - 2019-10-23

from ts-loader GitHub release notes

Commit messages

Package name: ts-loader

• b4b0363 Generate declaration files for js files if allowJs is set to true (Error: ESLint configuration in .eslintrc.js is invalid: - Property "" is the wrong type (expected object but got undefined). microsoft/vscode-eslint#1483)
• 914cdae Bump follow-redirects in /examples/project-references-example (Reload .eslintrc.cjs config without restart microsoft/vscode-eslint#1467)
• 50793de Bump follow-redirects from 1.14.1 to 1.15.1 in /examples/vanilla (Rule object not being cleared between lint checks microsoft/vscode-eslint#1469)
• 3a3c629 stub 4.7.3 output (Formatting on save with ESLint extension is adding extra backslash characters microsoft/vscode-eslint#1482)
• dccef46 Bump eventsource in /examples/project-references-example (Extension issue microsoft/vscode-eslint#1480)
• c26c251 Bump url-parse in /examples/project-references-example (Use of environment variables in options values microsoft/vscode-eslint#1425)
• 06d8045 Bump follow-redirects in /examples/fork-ts-checker-webpack-plugin (ESLint extension refreshes in seconds microsoft/vscode-eslint#1470)
• b9430ae Bump async from 2.6.3 to 2.6.4 in /examples/vanilla (falla con Angula.js microsoft/vscode-eslint#1449)
• 1027e9d Update package.json (rules turned off in eslint.codeActionsOnSave.rules are still run microsoft/vscode-eslint#1479)
• d954b03 docs: misc update (fix: pnpm is already installed in the current workspace and does not work. microsoft/vscode-eslint#1475)
• 8e389d9 chore: add vscode extension settings (ESLint server keeps crashing with out-of-memory errors on WSL. microsoft/vscode-eslint#1477)
• 3f8e3a4 Bump eventsource from 1.1.0 to 1.1.1 in /examples/vanilla (ESLint doesn't watch changes in .eslintrc.cjs microsoft/vscode-eslint#1466)
• 6b9e913 Bump karma from 6.3.1 to 6.3.16 (Failed to load the eslint library message in WSL with worked eslint server microsoft/vscode-eslint#1434)
• e2ceb95 Bump async from 2.6.3 to 2.6.4 in /examples/project-references-example (Allow specifying nearest config directory as working directory microsoft/vscode-eslint#1448)
• b943237 feat: add zero-config support for fork-ts-checker-webpack-plugin (Possible Bug: eslint installation from parent folder prioritized over eslint.nodePath microsoft/vscode-eslint#1451)
• 4e00201 Bump tar in /examples/fork-ts-checker-webpack-plugin (Format CSS rules inside <style> in .vue files microsoft/vscode-eslint#1370)
• fc835fb Make v9 latest following v8 release (Make ESLint more approachable for new committers microsoft/vscode-eslint#1447)
• 69576a6 Bump minimist from 1.2.5 to 1.2.6 in /examples/vanilla (eslint --init failed with syntax error microsoft/vscode-eslint#1443)
• 12f4ffe Bug fix: support webpack 5 in ts-loader ("Extension 'ESLint' is configured as formatter but it cannot format 'Typescript'-files microsoft/vscode-eslint#1439)
• 65bb27c Bump lodash from 4.17.4 to 4.17.21 in /test/execution-tests/babel-es2015 (VSCode Fix All command doesn't trigger ESLint: Fix all auto-fixable Problems microsoft/vscode-eslint#1428)
• e7a2ba6 Bump url-parse from 1.5.1 to 1.5.10 in /examples/vanilla (IntelliSense for .eslintrc.yml? microsoft/vscode-eslint#1424)
• 96ddcc5 Bump url-parse in /examples/fork-ts-checker-webpack-plugin (Starting client failed - on ready failed microsoft/vscode-eslint#1423)
• ecdc9c1 Bump ajv in /examples/fork-ts-checker-webpack-plugin (ESLint VScode plugin not using the correct ESlint version microsoft/vscode-eslint#1412)
• 5858b55 feat/4.6 (Quick fix for @intlify/vue-i18n/no-raw-text in Vue template inserts wrong type of comment microsoft/vscode-eslint#1426)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs