@kopax commented Nov 5, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5) | Prototype Pollution, SNYK-JS-LOADERUTILS-3043105 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: exports-loader The new version differs by 11 commits.

See the full diff

Package name: file-loader The new version differs by 3 commits.

See the full diff

Package name: image-webpack-loader The new version differs by 74 commits.
  • d9cca9b 7.0.0
  • 7d91d45 lts not found?
  • 8ea85e3 update changelog
  • 044ccaf require node 10
  • 8d386e2 Merge pull request #238 from tcoopman/dependabot/npm_and_yarn/imagemin-mozjpeg-9.0.0
  • d0f574c Bump imagemin-mozjpeg from 8.0.0 to 9.0.0
  • 73e4acc Merge pull request #259 from tcoopman/dependabot/npm_and_yarn/imagemin-pngquant-9.0.1
  • 42b776f Merge pull request #236 from tcoopman/dependabot/npm_and_yarn/imagemin-webp-6.0.0
  • 63b3d18 Merge pull request #248 from tcoopman/dependabot/npm_and_yarn/webpack-4.44.1
  • 953073e Bump imagemin-pngquant from 8.0.0 to 9.0.1
  • 12a9da6 Bump webpack from 4.42.0 to 4.44.1
  • 569b13c Bump imagemin-webp from 5.1.0 to 6.0.0
  • 7fcf273 Merge pull request #258 from tcoopman/dependabot/npm_and_yarn/bl-1.2.3
  • 2367e00 Merge pull request #255 from tcoopman/dependabot/npm_and_yarn/decompress-4.2.1
  • 7714554 Merge pull request #253 from tcoopman/dependabot/npm_and_yarn/schema-utils-2.7.1
  • b601c5c Merge pull request #247 from tcoopman/dependabot/npm_and_yarn/elliptic-6.5.3
  • 96197b4 Merge pull request #241 from tcoopman/dependabot/npm_and_yarn/webpack-cli-3.3.12
  • 5cf2d90 [Security] Bump bl from 1.2.2 to 1.2.3
  • 7e4116c Bump schema-utils from 2.6.5 to 2.7.1
  • 605a580 Merge pull request #235 from tcoopman/dependabot/npm_and_yarn/imagemin-svgo-8.0.0
  • 6fd3a22 [Security] Bump decompress from 4.2.0 to 4.2.1
  • c37a782 Merge pull request #234 from tcoopman/dependabot/npm_and_yarn/imagemin-optipng-8.0.0
  • 830a392 Merge pull request #211 from tcoopman/dependabot/npm_and_yarn/imagemin-gifsicle-7.0.0
  • 168a70c [Security] Bump elliptic from 6.5.2 to 6.5.3

See the full diff

Package name: react-styleguidist The new version differs by 250 commits.
  • 92518df feat: Webpack 5 support (#1903)
  • 6415cb6 Build(deps): Bump url-parse from 1.4.7 to 1.5.3 (#1896)
  • 6ca3c4c chore: Add npm 'cache' to 'release' workflow (#1899)
  • 7d62618 chore: Add npm 'cache' to 'danger' workflow (#1900)
  • 9114b4a docs: Fix code block formatting in Maintenance.md (#1908)
  • 54be33b chore: Add npm 'cache' to 'release' workflow (#1901)
  • 48e98b8 chore: Add npm 'cache' to Node.js workflow (#1898)
  • 77a2a2e fix: Remove `is-directory`, use `fs` module directly (#1897)
  • 0a477a6 docs: Add more funding options
  • 33b6796 Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/webpack (#1892)
  • 0ebf18b Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/sections (#1891)
  • e2ee4a9 Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/customised (#1890)
  • e97872a Build(deps): Bump prismjs from 1.24.0 to 1.25.0 in /examples/express (#1889)
  • 4290c03 Build(deps): Bump tmpl from 1.0.4 to 1.0.5 (#1885)
  • 626cde7 Build(deps): Bump path-parse from 1.0.6 to 1.0.7 in /examples/preact (#1868)
  • 7dc6a1b Build(deps): Bump url-parse from 1.4.7 to 1.5.3 in /examples/sections (#1872)
  • 56660aa Build(deps): Bump tar from 6.1.4 to 6.1.11 in /examples/webpack (#1879)
  • a37dd62 Build(deps): Bump url-parse from 1.4.7 to 1.5.3 in /examples/webpack (#1876)
  • 3865103 Build(deps): Bump url-parse from 1.4.7 to 1.5.3 in /examples/express (#1870)
  • a61be25 Build(deps): Bump url-parse from 1.4.7 to 1.5.3 in /examples/preact (#1871)
  • 813690d Build(deps): Bump url-parse from 1.4.7 to 1.5.3 in /examples/customised (#1873)
  • 0de1309 Build(deps): Bump url-parse from 1.4.7 to 1.5.3 in /examples/basic (#1874)
  • 9a20d9a Build(deps): Bump path-parse from 1.0.6 to 1.0.7 in /examples/express (#1875)
  • 4750e99 Build(deps): Bump path-parse from 1.0.6 to 1.0.7 in /examples/customised (#1869)

See the full diff

Package name: url-loader The new version differs by 27 commits.
  • 8828d64 chore(release): 4.0.0
  • fc8721f chore(deps): migrate on `mime-types` package (#209)
  • f13757a chore(deps): update (#208)
  • a2f127d fix: description on the `esModule` option (#204)
  • 4301f87 chore(release): 3.0.0
  • 3f0bbc5 refactor: next (#198)
  • 2451157 chore(release): 2.3.0
  • 0ee2b99 feat: new `esModules` option to output ES modules
  • cbd1950 chore(release): 2.2.0
  • 196110e fix: yarn pnp support (#195)
  • 9431124 docs: improve documentation about `fallback` (#194)
  • a251a23 chore(deps): update (#193)
  • 2bffcfd fix: limit must allow infinity and max value (#192)
  • 1b9dbd1 chore(release): 2.1.0
  • f3d4dd2 feat: improved validation error messages (#187)
  • 37c6acc chore(release): 2.0.1
  • 4842f93 fix: allow using limit as string when you use loader with query string (#185)
  • c0341da chore(defaults): update (#184)
  • 78833ac chore(release): 2.0.0
  • 4386b3e chore(deps): update (#182)
  • 60d2cb3 feat: limit option can be boolean (#181)
  • d82e453 fix: `limit` should always be a number and 0 value handles as number (#180)
  • 3c24545 fix: fallback loader will be used than limit is equal or greater (#179)
  • a6705cc test: test svg scenario. #176 (#177)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105