[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 250 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (#1126)
• 791fff3 refactor: named export (#1125)
• 01e8c76 refactor: change function arguments of the `import` option (#1124)
• c153fe6 refactor: improve schema options (#1123)
• 58b4b98 test: unresolved (#1122)
• d2f6bd2 refactor: getLocalIdent function (#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (#1114)
• 908ecee refactor: `esModule` option is `true` by default (#1111)
• 7cca035 test: coverange (#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader

The new version differs by 138 commits.

• e44eb73 chore(release): 6.0.0
• ad39022 chore(deps): update (#369)
• e1fe27c docs: update README.md (#368)
• c2aded7 chore(release): 5.1.0
• cd8698b feat: support the `query` template for the `name` option (#366)
• 5703c58 chore(deps): update (#365)
• 521bff2 chore: remove duplicate prettier config file (#357)
• 5ffac2e refactor: added description on esModule (#358)
• 190829e docs: fix the description of the `esModule` option (#348)
• f1b071c chore(release): 5.0.2
• 6431101 chore: add the `funding` field in `package.json` (#347)
• 90302cd chore(release): 5.0.1
• 31d6589 fix: name of `esModule` option in source code (#346)
• 2a18cba chore(release): 5.0.0
• 98a6c1d refactor: next (#345)
• 0df6c8d chore(release): 4.3.0
• a2f5faf refactor: code (#344)
• 9b9cd8d feat: new options flag to output ES2015 modules (#340)
• ba0fd4c chore(release): 4.2.0
• 642ee74 docs: improve readme (#341)
• c136f44 feat: `postTransformPublicPath` option (#334)
• d441daa chore(release): 4.1.0
• 705eed4 feat: improved validation error messages (#339)
• d016daa chore(release): 4.0.0

See the full diff

Package name: url-loader

The new version differs by 69 commits.

• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on `mime-types` package (#209)
• f13757a chore(deps): update (#208)
• a2f127d fix: description on the `esModule` option (#204)
• 4301f87 chore(release): 3.0.0
• 3f0bbc5 refactor: next (#198)
• 2451157 chore(release): 2.3.0
• 0ee2b99 feat: new `esModules` option to output ES modules
• cbd1950 chore(release): 2.2.0
• 196110e fix: yarn pnp support (#195)
• 9431124 docs: improve documentation about `fallback` (#194)
• a251a23 chore(deps): update (#193)
• 2bffcfd fix: limit must allow infinity and max value (#192)
• 1b9dbd1 chore(release): 2.1.0
• f3d4dd2 feat: improved validation error messages (#187)
• 37c6acc chore(release): 2.0.1
• 4842f93 fix: allow using limit as string when you use loader with query string (#185)
• c0341da chore(defaults): update (#184)
• 78833ac chore(release): 2.0.0
• 4386b3e chore(deps): update (#182)
• 60d2cb3 feat: limit option can be boolean (#181)
• d82e453 fix: `limit` should always be a number and 0 value handles as number (#180)
• 3c24545 fix: fallback loader will be used than limit is equal or greater (#179)
• a6705cc test: test svg scenario. #176 (#177)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution