Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency css-loader to v2 #45

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency css-loader to v2 #45

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Mar 31, 2023
edited
Loading

This PR contains the following updates:

Package Type Update Change
css-loader devDependencies major ^0.28.11 -> ^2.0.0

By merging this PR, the below vulnerabilities will be automatically resolved:

Severity CVSS Score CVE
High High 8.1 WS-2019-0063
High High 7.5 CVE-2021-23382
High High 7.5 CVE-2021-28092
High High 7.5 CVE-2021-29059
High High 7.5 WS-2019-0032
High High 7.5 WS-2021-0152

Release Notes

webpack-contrib/css-loader (css-loader)

v2.0.0

Compare Source

Bug Fixes
  • broken unucode characters (#​850) (f599c70)
  • correctly processing urls() with ?#hash (#​803) (417d105)
  • don't break loader on invalid or not exists url or import token (#​827) (9e52d26)
  • don't duplicate import with same media in different case (#​819) (9f66e33)
  • emit warnings on broken import at-rules (#​806) (4bdf08b)
  • handle uppercase URL in import at-rules (#​818) (3ebdcd5)
  • inconsistent generate class names for css modules on difference os (#​812) (0bdf9b7)
  • reduce number of require for urls() (#​854) (3338656)
  • support deduplication of string module ids (optimization.namedModules) (#​789) (e3bb83a)
  • support module resolution in composes (#​845) (453248f)
  • same urls() resolving logic for modules (local and global) and without modules (#​843) (fdcf687)
Features
BREAKING CHANGES
  • resolving logic for url() and import at-rules works the same everywhere, it does not matter whether css modules are enabled (with global and local module) or not. Examples - url('image.png') as require('./image.png'), url('./image.png') as require('./image.png'), url('~module/image.png') as require('module/image.png').
  • by default css modules are disabled (now modules: false disable all css modules features), you can return old behaviour change this on modules: 'global'
  • css-loader/locals was dropped in favor exportOnlyLocals option
  • import option only affect on import at-rules and doesn't affect on composes declarations
  • invalid @import at rules now emit warnings
  • use postcss@7

1.0.1 (2018-10-29)

Bug Fixes

v1.0.1

Compare Source

Bug Fixes

v1.0.0

Compare Source

BREAKING CHANGES

0.28.11 (2018-03-16)

Bug Fixes
  • lib/processCss: don't check mode for url handling (options.modules) (#​698) (c788450)

0.28.10 (2018-02-22)

Bug Fixes
  • getLocalIdent: add rootContext support (webpack >= v4.0.0) (#​681) (9f876d2)

0.28.9 (2018-01-17)

Bug Fixes

0.28.8 (2018-01-05)

Bug Fixes

0.28.7 (2017-08-30)

Bug Fixes

0.28.6 (2017-08-30)

Bug Fixes
  • add support for aliases starting with / (options.alias) (#​597) (63567f2)

0.28.5 (2017-08-17)

Bug Fixes
  • match mutliple dashes (options.camelCase) (#​556) (1fee601)
  • stricter [@import](https://togithub.com/import) tolerance (#​593) (2e4ec09)

0.28.4 (2017-05-30)

Bug Fixes

0.28.3 (2017-05-25)

Bug Fixes

0.28.2 (2017-05-22)

Bug Fixes

0.28.1 (2017-05-02)

Bug Fixes
Performance Improvements
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Mar 31, 2023
@mend-for-github-com
Copy link
Author

mend-for-github-com bot commented Mar 31, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm WARN old lockfile 
npm WARN old lockfile The package-lock.json file was created with an old version of npm,
npm WARN old lockfile so supplemental metadata must be fetched from the registry.
npm WARN old lockfile 
npm WARN old lockfile This is a one-time fix-up, please be patient...
npm WARN old lockfile 
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/webpack
npm ERR!   dev webpack@"^2.2.1" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer webpack@"^4.0.0" from [email protected]
npm ERR! node_modules/css-loader
npm ERR!   dev css-loader@"^2.0.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/renovate/cache/others/npm/_logs/2024-04-04T08_10_18_507Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-04-04T08_10_18_507Z-debug-0.log

@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency css-loader to v2 chore(deps): update dependency css-loader to v2 - autoclosed Jun 16, 2023
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/css-loader-2.x branch June 16, 2023 09:17
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency css-loader to v2 - autoclosed chore(deps): update dependency css-loader to v2 Jun 19, 2023
@mend-for-github-com mend-for-github-com bot reopened this Jun 19, 2023
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/css-loader-2.x branch June 19, 2023 17:49
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-2.x branch from 351deaa to d7bde65 Compare June 19, 2023 17:53
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency css-loader to v2 chore(deps): update dependency css-loader to v2 - autoclosed Apr 3, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/css-loader-2.x branch April 3, 2024 06:46
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency css-loader to v2 - autoclosed chore(deps): update dependency css-loader to v2 Apr 4, 2024
@mend-for-github-com mend-for-github-com bot reopened this Apr 4, 2024
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/css-loader-2.x branch April 4, 2024 08:07
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-2.x branch from d7bde65 to 1ca6442 Compare April 4, 2024 08:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants