[Snyk] Fix for 1 vulnerabilities

[smollweide]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/config/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: nodemon

The new version differs by 88 commits.

• 27e91c3 fix: update packge-lock
• 0144e4f fix: bump update-notifier to v6.0.0 (#2029)
• c870342 chore: update supporters
• 5c0b472 chore: add supporter
• e26aaa9 fix: support windows by using path.delimiter
• 9d1afd7 docs: add syntax highlighting to sample-nodemon.md (#1982) (#2004)
• de5d32a docs: Unified Node.js capitalization (#1986)
• e890927 docs: add note to faq with example showing how to watch any file extension (#1931)
• bc4547b chore: update sponsors
• 07159c5 chore: add supporters
• cd100da chore: update supporters
• 6a34922 chore: supporters
• e5d6067 chore: updating supporters
• 242f9f7 Merge branch 'main' of github.com:remy/nodemon
• 141e58c chore: update supporters
• 53422af ci(release): workflow uses 'npm' cache (#1933)
• 581c641 ci(node.js): workflow uses 'npm' cache (#1934)
• cb1c8b9 docs: Fix typo in faq.md (#1950)
• 54784ab fix: bump prod dep versions
• 26db983 chore: update supporters
• 61e7abd fix: add windows signals SIGUSR2 & SIGUSR1 to terminate the process (#1938)
• b449171 docs: Fix typo in faq.md
• 0a3175f chore: update supporters
• 18516d8 chore: add supporter

See the full diff

Package name: scss-config-webpack-plugin

The new version differs by 29 commits.

• 18fed84 v2.0.2
• 69d135e chore: add package-lock
• 692741d Merge pull request [Snyk] Security upgrade scss-config-webpack-plugin from 2.0.0 to 2.0.2 #84 from namics/fix/maintenance
• 5ef2bb5 fix(scss-config-webpack-plugin): update dependencies
• fa640e4 chore: bump deps
• c6afb4a chore: remove outdated contributors infos in favor of contributors overview in GitHub
• af02ef3 chore: bump deps
• f4a4e11 fix(scss-config-webpack-plugin): update postcss dependencies
• 22ee31a fix(scss-config-webpack-plugin): update dependencies
• b7a5519 ci: split up test and performance actions
• a6a6382 ci: Use GitHub Actions
• ed28c42 chore: use current node lts version
• 0103242 style: prettify
• 632a08d fix: update dependencies
• 95e6847 chore: bump dev deps
• eeb274a chore: bump dev deps
• fae0cdb fix(ts-config-webpack-plugin): update dependencies
• 3aa2c89 chore: bump lerna
• 10a3dc3 fix(image-config-webpack-plugin): update dependencies
• 4b3584b fix(font-config-webpack-plugin): update dependencies
• 52d7168 chore: bump dev deps
• 9cf2dfa chore: improve update-script
• 203965f ci: remove unneeded bootstrap task
• db8a62d ci: update travis and appveyor config

See the full diff

Package name: ts-config-webpack-plugin

The new version differs by 29 commits.

• 18fed84 v2.0.2
• 69d135e chore: add package-lock
• 692741d Merge pull request [Snyk] Security upgrade scss-config-webpack-plugin from 2.0.0 to 2.0.2 #84 from namics/fix/maintenance
• 5ef2bb5 fix(scss-config-webpack-plugin): update dependencies
• fa640e4 chore: bump deps
• c6afb4a chore: remove outdated contributors infos in favor of contributors overview in GitHub
• af02ef3 chore: bump deps
• f4a4e11 fix(scss-config-webpack-plugin): update postcss dependencies
• 22ee31a fix(scss-config-webpack-plugin): update dependencies
• b7a5519 ci: split up test and performance actions
• a6a6382 ci: Use GitHub Actions
• ed28c42 chore: use current node lts version
• 0103242 style: prettify
• 632a08d fix: update dependencies
• 95e6847 chore: bump dev deps
• eeb274a chore: bump dev deps
• fae0cdb fix(ts-config-webpack-plugin): update dependencies
• 3aa2c89 chore: bump lerna
• 10a3dc3 fix(image-config-webpack-plugin): update dependencies
• 4b3584b fix(font-config-webpack-plugin): update dependencies
• 52d7168 chore: bump dev deps
• 9cf2dfa chore: improve update-script
• 203965f ci: remove unneeded bootstrap task
• db8a62d ci: update travis and appveyor config

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (#1256)
• 7a5b33d feat(webpack-cli): added mode argument (#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (#1254)
• a7cba2f chore: project maintanance and typescript fix (#1247)
• 7748472 chore: ignore package-lock.json and remove its references (#1252)
• a014aa7 docs: fix supported arguments & commands link in README (#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (#1238)
• 6cc6a49 chore: post refactor CLI (#1237)
• 358651e chore: move cli under lerna package (#1225)
• 2dc495a fix(init): fix webpack config scaffold (#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (#1232)
• f6dc680 tests(loader-generator): add tests for loader generator (#1234)
• 35d1381 tests(generator): enable init generator test (#1233)
• 66cdcb6 chore(generator): remove transpiled tests (#1229)
• f29a170 fix(init): fix the invalid package name (#1228)
• 8c3a66d chore(cli): updated changelog of v3 (#1224)

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)