[Snyk] Fix for 1 vulnerabilities

[eitanno]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: postcss-cssnext

The new version differs by 11 commits.

• 03b6017 3.0.0
• cf9fb19 Docs: fix chalk update issue
• b7d6ffd Merge pull request #400 from MoOx/postcss6-upgrade
• 1781dc7 Docs: Fix id of overflow wrap property in index (#393)
• 8b99180 Ensure a version of caniuse-db that includes css-image-set (#380)
• db0f0fa Add a warning for custom property sets that are going to be removed + an option to hide the warning
• cc7c864 Change: support node4+ up to 8
• 7bb55c1 chore: add package-lock.json and yarn.lock files
• 20ae74d Change: upgrade to PostCSS 6
• af5f9c1 Change link to custom media queries specification
• 974e40b Fix PR link

See the full diff

Package name: postcss-font-magician

The new version differs by 17 commits.

• da72cda [2.2.2] update google fonts lists (Bump chart.js from 2.7.1 to 2.9.4 fnproject/ui#77)
• 6aa468a Clarified how to use 'foundaries' option
• 5765576 [2.2.1] update google fonts lists
• c8d9d5c [2.2.0] fix issue with parsing of array options
• b228d67 Fix parse array options Fix stlyelint deprecation warnings fnproject/ui#64 (Fix stylelint deprecation warnings (#64) fnproject/ui#65)
• b82558f Update README.md
• 47ef6c1 Update README.md
• 6795d7a [2.1.2] Support for Node 4 is no longer supported
• 9bfc7ba [2.0.2] fix tests, remove gulp from dependencies, add precommit linting
• 7311f87 [2.0.1] fix tests, `hosted` issue
• 727c91e Update package.json
• 0520775 Update .travis.yml
• aea79fd 2.0.0
• 44b0887 Organize package.json
• be56b96 Update devDependencies
• d214908 Use PostCSS 6
• 6374918 Update Tests

See the full diff

Package name: postcss-hexrgba

The new version differs by 37 commits.

• 1bb0267 v2.0.0
• 96689bd Merge pull request [Snyk] Fix for 1 vulnerabilities #19 from ai/patch-1
• d5874fd upgrade to postcss 7 ([Snyk] Upgrade stylelint from 14.0.0 to 14.9.0 #15)
• 2d0fc12 Use shortcuts in package.json ([Snyk] Security upgrade extract-text-webpack-plugin from 1.0.1 to 2.0.0 #20)
• 3d6b627 Speed up plugin ([Snyk] Fix for 1 vulnerabilities #21)
• 6f10213 Speed up plugin
• b4c2abe Use shortcuts in package.json
• 16a39bf Reduce npm package
• 16b46a5 Fixes Readme typo (Bump terser from 5.9.0 to 5.14.2 #18)
• f8bc1a5 Fixes Readme typo
• f67527e remove yarn lock
• 0bd5aeb v1.0.2
• 0d51f62 fix source maps (Bump moment from 2.29.1 to 2.29.4 #16)
• 5575fc3 Update index.js
• f4b7427 upgraded mocha
• 987de2c upgrade to postcss 7 & remove yarn.lock
• da82e8f update changelog
• 6fa344f v1.0.1
• 384b972 Merge pull request Bump moment from 2.29.1 to 2.29.2 #12 from schelmo/master
• 871487c directly substitute the hex in the replace callback (fixes last comment of Bump eslint-utils from 1.3.1 to 1.4.3 #6)
• 76a4586 Merge pull request Bump minimist from 1.2.5 to 1.2.6 #11 from schelmo/master
• a0fd1ee add a test for !important ( Bump nanoid from 3.1.30 to 3.2.0 #10 )
• d42acc2 Merge pull request Bump nanoid from 3.1.30 to 3.2.0 #10 from schelmo/master
• d9fcf9b do not omit !important

See the full diff

Package name: postcss-loader

The new version differs by 237 commits.

• 7647ac9 chore(release): 3.0.0
• 313c3c4 docs(README): update filename formatting
• d6931da refactor(Error): add `error` property checks
• 962b1d6 refactor(options): remove `ident` from validation schema
• 1f98aee refactor(Warning): add `warning` property checks
• 95de4c1 docs(LOADER): update JSDoc
• ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
• 73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
• 70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
• 4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
• 319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
• bdcbef0 refactor(src): update code base with latest ES2015+ features
• f34954f fix(index): add ast version (`meta.ast`)
• 8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
• 2c6033b test(Errors): remove stacktrace from snapshot
• 549ea08 fix(options): improved `ValidationError` messages
• fbf05de test: replace helpers with `@ webpack-utilities/test` (#386)
• daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (#375)
• 114db12 docs(README): add autoprefixing example (#380)
• 8772814 style(standard): fix linting issues
• 8ef443f ci(travis): build stages
• 6f10898 ci(appveyor): readd Appveyor CI (#381)
• 0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (#382)
• 5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (#379)

See the full diff

Package name: postcss-url

The new version differs by 66 commits.

• 1a7496e 8.0.0
• dcfef47 eslint fixes
• 4830527 8.0.0 changlelog
• 4810601 added package-lock.json
• 0e361d5 updated mime package
• c6deff4 fix changelog
• 05be637 Merge pull request #126 from realityking/postcss7
• 1b5c06e Update postcss to version 7
• 88fc678 Update some dev dependencies
• 607e448 Support Node.js 10
• de03b85 Require Node.js 6
• ea84a94 7.3.2
• de6f6e2 Merge pull request #119 from kisenka/skip-urls-with-tilde
• 00ceb36 chore: skip URLs started with tilde
• eeaccb7 chore: eslint fix
• bec2b0c feat: skip URLs with tilde
• 251a2c8 7.3.1
• c92a076 doc fixes
• d559b4f Merge pull request #117 from just4uwei/master
• 271f917 fixbug
• 343294c fix changelog
• 953ba4b 7.3.0
• 1d4e78e Merge pull request #114 from digitalkaoz/patch-1
• e557044 prepend original filename in hashed filename

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.