[Snyk] Fix for 22 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	619/1000 Why? Has a fix available, CVSS 8.1	Prototype Pollution SNYK-JS-AJV-584908	Yes	No Known Exploit
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISMOBILEJS-72624	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-MOCHA-561476	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection SNYK-JS-OPEN-174041	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Information Exposure SNYK-JS-WEBPACKDEVSERVER-72405	Yes	No Known Exploit
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	Yes	No Known Exploit
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Regular Expression Denial of Service (ReDoS) npm:diff:20180305	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:eslint:20180222	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Arbitrary Code Injection npm:growl:20160721	Yes	No Known Exploit
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
	741/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.4	Arbitrary Command Injection npm:open:20180512	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Is it possible to suggest a list of enabled and disabled items, but disabled ones can't be selectable? moroshko/react-autosuggest#860)
• e7525c9 test: nested url (Bump json5 from 1.0.1 to 1.0.2 moroshko/react-autosuggest#859)
• 7259faa test: css hacks (Bump flat and mocha moroshko/react-autosuggest#858)
• 5e6034c feat: allow to filter import at-rules (Bump express from 4.17.1 to 4.18.2 moroshko/react-autosuggest#857)
• 5e702e7 feat: allow filtering urls (Bump qs from 6.5.2 to 6.5.3 moroshko/react-autosuggest#856)
• 9642aa5 test: css stuff (Bump decode-uri-component from 0.2.0 to 0.2.2 moroshko/react-autosuggest#855)
• 3338656 fix: reduce number of require for url (Cannot read properties of undefined (reading 'focus') error on console on mobile use moroshko/react-autosuggest#854)
• 533abbe test: issue 636 (React 18: getSectionSuggestions is called with undefined after selecting suggestion on mobile device moroshko/react-autosuggest#853)
• 08c551c refactor: better warning on invalid url resolution (Bump terser from 4.6.7 to 4.8.1 moroshko/react-autosuggest#852)
• b0aa159 test: issue react autosuggest only populates on page refresh moroshko/react-autosuggest#589 (Bump jsdom from 15.1.1 to 16.5.0 moroshko/react-autosuggest#851)
• f599c70 fix: broken unucode characters (Bump eventsource from 1.0.7 to 1.1.1 moroshko/react-autosuggest#850)
• 1e551f3 test: issue 286 (Standalone build: autosuggest.js should not be minified moroshko/react-autosuggest#849)
• 419d27b docs: improve readme (Bump async from 2.6.3 to 2.6.4 moroshko/react-autosuggest#848)
• d94a698 refactor: webpack-default (Add highlighted data to onKeyDown function moroshko/react-autosuggest#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Is it possible to create a function called on focus event? moroshko/react-autosuggest#845)
• 8a6ea10 refactor: postcss plugins (Bump url-parse from 1.4.7 to 1.5.10 moroshko/react-autosuggest#844)
• fdcf687 fix: url resolving logic (Bump url-parse from 1.4.7 to 1.5.7 moroshko/react-autosuggest#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Bump follow-redirects from 1.11.0 to 1.14.8 moroshko/react-autosuggest#842)
• ee2d253 test: importLoaders option (Bump ajv from 6.12.0 to 6.12.6 moroshko/react-autosuggest#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Bump pathval from 1.1.0 to 1.1.1 moroshko/react-autosuggest#840)
• fe94ebc test: icss reserved keywords (fix: Cannot read properties of undefined (reading 'focus') moroshko/react-autosuggest#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Want to throttle or debounce the fetch call, is it possible to have onSuggestionsFetchRequested not required moroshko/react-autosuggest#838)

See the full diff

Package name: eslint

The new version differs by 250 commits.

• b7d79b1 7.3.0
• bf98627 Build: changelog update for 7.3.0
• 638a6d6 Update: add missing `additionalProperties: false` to some rules' schema (#13198)
• 949a5cd Update: fix operator-linebreak overrides schema (#13199)
• 9e1414e New: Add no-promise-executor-return rule (fixes #12640) (#12648)
• 09cc0a2 Update: max-lines reporting loc improvement (refs #12334) (#13318)
• ee2fc2e Update: object-property-newline end location (refs #12334) (#13399)
• d98152a Update: added empty error array check for false negative (#13200)
• 7fb45cf Fix: clone config before validating (fixes #12592) (#13034)
• aed46f6 Sponsors: Sync README with website
• 7686d7f Update: semi-spacing should check do-while statements (#13358)
• cbd0d00 Update: disallow multiple options in comma-dangle schema (fixes #13165) (#13166)
• b550330 New: Add no-unreachable-loop rule (fixes #12381) (#12660)
• 13999d2 Update: curly should check consequent `if` statements (#12947)
• c42e548 Chore: enable exceptRange option in the yoda rule (#12857)
• 6cfbd03 Update: Drop @ typescript-eslint/eslint-recommended from `eslint --init` (#13340)
• 796f269 Chore: update eslint-config-eslint's required node version (#13379)
• 9d0186e Docs: Fix changelog versions (#13410)
• 1ee3c42 Docs: On maxEOF with eol-last (fixes #12742) (#13374)
• 2a21049 Update: key-spacing loc changes for extra space (refs #12334) (#13362)
• 7ce7988 Chore: Replace the inquirer dependency with enquirer (#13254)
• 0f1f5ed Docs: Add security policy link to README (#13403)
• 9e9ba89 Sponsors: Sync README with website
• ca59fb9 Sponsors: Sync README with website

See the full diff

Package name: husky

The new version differs by 11 commits.

• 3abb0b8 0.14.0
• e649c6b 0.14 (Please support input valueLink moroshko/react-autosuggest#142)
• 3ba3c34 Update to handle failed prepare-commit-msg (Quick question regarding browser support moroshko/react-autosuggest#138)
• b136173 Create README.md
• d9a8f01 Update package.json
• 91fd43e Create CHANGELOG.md
• 84025a8 Create CHANGELOG.md
• 333ca98 Correct work with worktrees (How i can add ref for input element? moroshko/react-autosuggest#114)
• 4378d18 Update README.md (Add optional maxLength prop moroshko/react-autosuggest#132)
• 9321e7a Don't load nvm if it's already loaded
• 4bf6014 Update CHANGELOG.md

See the full diff

Package name: ismobilejs

The new version differs by 4 commits.

• 1aaae36 Merge pull request Uncaught TypeError: Cannot read property 'toLowerCase' of null moroshko/react-autosuggest#77 from kaimallea/various-fixes
• 1b14e02 Update README
• 8a075cf Use faster regular expressions
• 1cdf46d Various updates

See the full diff

Package name: isomorphic-fetch

The new version differs by 12 commits.

• fc5e0d0 3.0.0
• 496fa43 Add version that was previously uncomitted to the package.json due to the previous release process
• 9f5a8b6 Add a list of alternatives
• 49280e6 Resolve minor security issue
• 0f5edd0 Explain why Isomorphic Fetch is needed in docs (Support React v15 moroshko/react-autosuggest#135)
• e32b006 Fix travis (Scroll not working in IE-11 moroshko/react-autosuggest#190)
• db0aa8c Update to latest version
• 8bf02c4 Bump node-fetch from 1.7.3 to 2.6.1 (function onSuggestionsUpdateRequested({ value, reason }) reason not working? moroshko/react-autosuggest#189)
• 89c7e70 Merge pull request Can't update state with Immutable.js moroshko/react-autosuggest#93 from paulmelnikow/fetch_ponyfill
• 25e3cab Add link to fetch-ponyfill
• 8d33aba Merge pull request Input setState different when onSuggestionSelected using keyboard or mouse moroshko/react-autosuggest#90 from josiah0/update-lintspaces-cli
• c22fcda Update lintspaces-cli

See the full diff

Package name: less

The new version differs by 127 commits.

• b873737 Merge pull request #3177 from Kartoffelsalat/master
• bd2a93f chore(package): update request to 2.83.0
• 3699921 Merge pull request #3170 from thorn0/patch-1
• 6985541 Having `inline` and `less` imports of the same name lead to a race condition
• 2f1386f Merge pull request #3168 from matthew-dean/master
• 4272871 Fixes #3116 - lessc not loading plugins in 3.0
• ba5ad9c Point badges at master branch
• 4962988 Update CHANGELOG.md
• 12fe0c6 Update README.md
• 45d06b9 Merge pull request #3163 from matthew-dean/master
• 9590b7b Add dist files
• 0b6536b Merge branch '3.x'
• a48c24c calc() fix - fixes #974 (partially #1880)
• 367b46a Merge pull request #3161 from matthew-dean/3.x
• 4508495 Remove legacy upgrade
• 2a4a63a Update CHANGELOG.md with 3.x list
• bb6da28 Update README.md
• f80a021 Merge pull request #3159 from matthew-dean/3.x
• 8b4524f Bump to 3.0.0-RC.1
• d30e3a6 Merge pull request #3150 from anthony-redFox/3.x
• 0b7c81c Removed install npm 2 version for appveyor. It was hotfix for old node version.
• 5d230dd Drop node 0.10 and 0.12 and added node 9 matrix testing
• 385da8f Update stale.yml
• d384779 Create stale.yml

See the full diff

Package name: lint-staged

The new version differs by 250 commits.

• 885a644 Merge pull request Bump terser from 4.6.7 to 4.8.1 moroshko/react-autosuggest#852 from okonet/listr2
• aba3421 fix: all lint-staged output respects the `quiet` option
• b8df31a fix: do not show incorrect error when verbose and no output
• eed6198 style: simplify eslint and prettier config
• b746290 ci: replace Node.js 13 with 14, since 14 will be next LTS
• 2c6f3ad docs: improve `verbose` description
• e749a0b test: remove redundant, misbehaving test
• 16848d8 fix: use test renderer during tests and when TERM=dumb
• efffa22 test: cover `--verbose` option usage
• 1b18550 test: restore variable in test output
• 6aede38 test: add test for error during merge state restoration
• b565481 test: integration test targets the full Node.js API instead of just `runAll`
• a3bd9d7 feat: allow specifying `cwd` using the Node.js API
• 85de3a3 feat: add `--verbose` to show output even when tasks succeed
• d69c65b fix: log task output after running listr to keep everything
• e95d1b0 refactor: move skip and enable cheks of listr tasks to separate file
• 6da7667 refactor: move messages to separate file
• 6392480 refactor: use symbols for errors
• 8f32a3e feat: replace listr with listr2 and print errors inline
• c9adca5 fix: use stash create/store to prevent files from disappearing from disk
• e093b1d fix(deps): update dependencies
• 6066b07 fix: pass correct path to unstaged patch during cleanup
• 0bf1fb0 fix: allow lint-staged to run on empty git repo by disabling backup
• 1ac6863 Merge pull request Bump follow-redirects from 1.11.0 to 1.14.7 moroshko/react-autosuggest#837 from okonet/serial-git-add

See the full diff

Package name: mocha

The new version differs by 250 commits.

• eb781e2 Release v6.2.3
• 10dbe94 update CHANGELOG for v6.2.3 [ci skip]
• 848d6fb security: update mkdirp, yargs, yargs-parser
• 843a322 6.2.2
• aec8b02 update CHANGELOG for v6.2.2 [ci skip]
• 7a8b95a npm audit fixes
• cebddf2 Improve reporter documentation for mocha in browser. (#4026)
• 3f7b987 uncaughtException: report more than one exception per test (#4033)
• ee82d38 modify alt text of image from Backers to Sponsors inside Sponsors section in Readme (#4046)
• e9c036c special-case parsing of "require" in unparseNodeArgs(); closes #4035 (#4063)
• 954cf0b Fix HTMLCollection iteration to make unhide function work as expected (#4051)
• 816dc27 uncaughtException: fix double EVENT_RUN_END events (#4025)
• 9650d3f add OpenJS Foundation logo to website (#4008)
• f04b81d Adopt the OpenJSF Code of Conduct (#3971)
• aca8895 Add link checking to docs build step (#3972)
• ef6c820 Release v6.2.1
• 9524978 updated CHANGELOG for v6.2.1 [ci skip]
• dfdb8b3 Update yargs to v13.3.0 (#3986)
• 18ad1c1 treat '--require esm' as Node option (#3983)
• fcffd5a Update yargs-unparser to v1.6.0 (#3984)
• ad4860e Remove extraGlobals() (#3970)
• b269ad0 Clarify effect of .skip() (#3947)
• 1e6cf3b Add Matomo to website (#3765)
• 91b3a54 fix style on mochajs.org (#3886)

See the full diff

Package name: nyc

The new version differs by 109 commits.

• 4a6b327 chore(release): 13.0.1
• ae5318b chore: Update istanbul dependencies. (#896)
• d0b76e2 fix: Enable es-modules by default. (#889)
• 6b6cd5e fix: add flag to allow control of intrumenter esModules option, default to looser parsing (Renovate moroshko/react-autosuggest#863)
• c325799 docs: reference babel 7 in all places (#881)
• 7483ed9 fix: use uuid/v4 to generate unique identifiers. (#883)
• 8ab1ae3 chore: update dependencies (#872)
• 52b69ef fix: Update caching-transform options. (#873)
• 624a723 chore: update dependencies (#866)
• a5818f5 chore(release): 13.0.0
• f0d98a5 docs: update README.md with babel configuration info (Is it possible to suggest a list of enabled and disabled items, but disabled ones can't be selectable? moroshko/react-autosuggest#860)
• 893345a feat: allow rows with 100% statement, branch, and function coverage to be skipped in text report (Bump json5 from 1.0.1 to 1.0.2 moroshko/react-autosuggest#859)
• f09cf02 chore: update dependencies (Bump decode-uri-component from 0.2.0 to 0.2.2 moroshko/react-autosuggest#855)
• d0f654c fix: source was being instrumented twice, due to upstream fix in ista… (React 18: getSectionSuggestions is called with undefined after selecting suggestion on mobile device moroshko/react-autosuggest#853)
• adb310c chore(release): 12.0.2
• ddc9331 fix: stop bundling istanbul-lib-instrument due to npm issue on Node 6 (Cannot read properties of undefined (reading 'focus') error on console on mobile use moroshko/react-autosuggest#854)
• b4c325b fix: don't bundle istanbul-lib-instrument due to Node 6 issues
• 9fc20e4 chore(release): 12.0.1
• 3e087d4 chore: upgrade to version of istanbul with optional catch binding (Bump jsdom from 15.1.1 to 16.5.0 moroshko/react-autosuggest#851)
• eaf3f70 chore(release): 12.0.0
• 19b7d21 chore: upgrade to newest version of istanbul codebase (Bump async from 2.6.3 to 2.6.4 moroshko/react-autosuggest#848)
• 570a08a chore(release): 11.9.0
• 1329a3b feat: add option that allows instrument to exit on error (Bump eventsource from 1.0.7 to 1.1.1 moroshko/react-autosuggest#850)
• bc9ffe5 chore(release): 11.8.0

See the full diff

Package name: postcss-loader

The new version differs by 143 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (Fire event after user selects value from list moroshko/react-autosuggest#470)
• 77449e1 test: union (focusInputOnSuggestionClick throwing error when creating input ref moroshko/react-autosuggest#469)
• 9b75888 feat: reuse AST from other loaders (How do I import 'AutosuggestHighlightMatch' and 'AutosuggestHighlightParse'? moroshko/react-autosuggest#468)
• 5e4a77b fix: resolve `from` and `to` from config and options (onTouchStart does not update value in input field. moroshko/react-autosuggest#467)
• 225b2e5 refactor: do not validate `postcss` options (CSS modules theme example moroshko/react-autosuggest#466)
• 3d32c35 fix: `default` export for plugins (renderSuggestionsContainer with no children moroshko/react-autosuggest#465)
• 38ebe08 refactor: `execute` option (Cannot read property 'focus' of undefined moroshko/react-autosuggest#464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (Need help on "having the suggestion lists open if user click done in iOS virtual keyboard" moroshko/react-autosuggest#460)
• 475278c chore: move `postcss` to `peerDependencies` (Dismiss auto suggest moroshko/react-autosuggest#459)
• 98441ff fix: respect the `map` option and source maps (get onSuggestionSelected item moroshko/react-autosuggest#458)
• ba88040 refactor: do not pass meta from other loaders (Upgrade docs from 1.18.3 to 9.3.2 moroshko/react-autosuggest#457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (Error after React Dom update moroshko/react-autosuggest#454)
• d8d84f7 refactor: code (My react-autosuggest css have a problem! moroshko/react-autosuggest#453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code (Section index or id information in callbacks moroshko/react-autosuggest#451)
• 60e4f12 docs: addDependency ([Bug] Suggestion box get hidden by stepper moroshko/react-autosuggest#448)

See the full diff

Package name: style-loader

The new version differs by 22 commits.

• 5d73db7 chore(release): 0.20.0
• 08ce425 chore(package): update dependencies
• 28f603f refactor: remove comments from bundle source code
• dda8b89 test: rename && update HMR tests
• 23c3567 fix(options): add `transform` option validation (`{String}`)
• e0c4b19 fix(options): support passing a `{Function}` (`options.insertInto`)
• ac8430c ci(travis): update `node` v4.3.0...4.8.0
• 0eb8fe7 feat: support passing a `{Function}` (`options.insertInto`) (Availability of auto-suggestions not announced to screen readers  moroshko/react-autosuggest#279)
• 3a4cb53 fix(index): enable HMR in case `locals` (`css-modules`) are unchanged (README: Fixed id link to onSuggestionSelected moroshko/react-autosuggest#298)
• 9b46128 fix(addStyles): check if `HTMLIFrameElement` exist (redux.creatStore is not a function moroshko/react-autosuggest#296)
• a7734e6 chore(package): update repository url (Add label to Autosuggest for input fields moroshko/react-autosuggest#290)
• 6ca2ecb chore(release): 0.19.1
• 2bfc93e fix(addStyles): correctly check `singleton` behavior when `{Boolean}` (`options.singleton`) (Pass query as a property to renderSuggestionsContainer moroshko/react-autosuggest#285)
• 57c457d docs: fixed missing commas in configuration examples (Unable to use code sample in README.md moroshko/react-autosuggest#266)
• c9707f1 chore(release): 0.19.0
• 378e906 feat: add option to enable/disable HMR (`options.hmr`) (How can I focus the input field? moroshko/react-autosuggest#264)
• 67120f8 feat: support 'before' insertions (`options.insertAt`) (Set focus from external events moroshko/react-autosuggest#253)
• a2ae3ac docs(README): fix bash code highlight (Debouncing is broken in IE moroshko/react-autosuggest#262)
• ce53bd9 docs(readme): fix typo ([Comment] Reusability aka Redux Dependency moroshko/react-autosuggest#260)
• 57e171f docs: Fixes typo in readme (Using tether with react-autosuggest moroshko/react-autosuggest#258)
• 01ceef8 docs(README): fix example (`options.insertInto`) (Getting active suggestion moroshko/react-autosuggest#251)
• 25e8e89 feat: add support for iframes (`options.insertInto`) (how can I get the selected Index when a button I've created is clicked? moroshko/react-autosuggest#248)

See the full diff

Package name: svgo

The new version differs by 156 commits.

• e7bdce6 v1.1.0
• 37d4ca8 Fix cleanupListOfValues to preserve non-numeric values
• eeeb67d Fix convertTransform wrong rotate sign
• 7a07b84 Fix collapseGroups plugin affecting switch and subgroups
• 5800635 Fix converting to large arcs from nearly straight lines curves
• a4fb3a4 Prevent removeUnknownsAndDefaults removing attributes from elements with id
• 831f95f Fix empty path segments removing with stroke-linecap
• a165206 Update presentation attribute collection for removeNonInheritableGroupAttrs plugin
• 36db31a Fix removeNonInheritableGroupAttrs not working as intended
• f3bcbcc Fix viewBox value parsing
• 3c82fd7 Correct parsing of arc flags without following comma/spaces
• 86ecd37 Handle !important keyword in convertStyleToAttrs
• 72fa7d3 Sync readme and tty help
• 32e9e41 Update css-select to version 2
• aa99c6f Update js-yaml to version 3.12
• 7fd5bde Add rollup-plugin-svgo to list of usage
• 8a43a5c adds jshint to devDependencies
• f92629f Add keepRoleAttr option for removeUnknownsAndDefaults (#1002)
• 62f67de Return the path, so it can be used to overwrite the file with the optimized version
• b2b9acb tweak: do not collapse group properties to children if they contain filters.
• 3e2fd44 feat: offer ES module interop default export (#934)
• e7b8a6c Upgrade css-tree from alpha25 to alpha.28
• e928c1f Update convertPathData.js (#906)
• 50f4fed dont transform stroke width for non-scaling-strokes (Bump express from 4.17.1 to 4.18.2 moroshko/react-autosuggest#857)

See the full diff

Package name: url-loader

The new version differs by 8 commits.

• 11dce14 docs: Update changelog with nsp advisory
• 1934507 chore(release): 0.6.0
• a1e1fef chore: Fix mime version
• d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (Reset callback fns when props are updated moroshko/react-autosuggest#87)
• 636ebed feat: add `fallback` option (No way to "pass by value" for suggestions list moroshko/react-autosuggest#88)
• f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (Controlled example problem moroshko/react-autosuggest#89)
• 2de70bb docs(README): fix typo in example (defaultValue don't works moroshko/react-autosuggest#81)
• ced5990 feat(index): add options validation (`schema-utils`) (Dropdown closes when attempting to scroll (IE11) moroshko/react-autosuggest#78)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request #3988 from malstoun/bug/2664
• 260e413 Merge pull request #3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request #3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request #3977 from malstoun/bug/2664
• fc1a43b Merge pull request #3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request #3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request #3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request #3969 from webpack/bugfix/issue-3964

See the full diff

Package name: webpack-dev-server

The new version differs by 250 commits.

• c9271b9 chore(release): 4.0.0
• 18bf369 test: fix stability (#3676)
• cdcabb2 fix: respect protocol from browser for manual setup (#3675)
• 1768d6b fix: initial reloading for lazy compilation (#3662)
• 4f5bab1 docs: improve examples (#3672)
• f2d87fb fix: improve https CLI output (#3673)
• 0277c5e chore: remove redundant console statements (#3671)
• 16fcdbc docs: add `ipc` example (#3667)
• 8915fb8 test: add e2e tests for built in routes (#3669)
• 4d1cbe1 docs: ask `version` information in issue template (#3668)
• b6c1881 chore(deps-dev): bump core-js from 3.16.1 to 3.16.2 (#3666)
• ffa8cc5 chore(deps-dev): bump supertest from 6.1.5 to 6.1.6 (#3665)
• f1fdaa7 chore(release): 4.0.0-rc.1
• c4678bc fix: legacy API (#3660)
• d8bdd03 test: fix stability (#3661)
• 22b1414 refactor: remove `killable` (#3657)
• 75bafbf test: add e2e tests for module federation (#3658)
• 493ccbd chore(deps): update `ws` (#3652)
• ae8c523 test: add e2e test for universal compiler (#3656)
• f94b84f chore(deps): update (#3655)
• 1923132 test: fix cli
• 2adfd01 test: fix todo (#3653)
• 6e2cbde fix: proxy logging and allow to pass options without the `target` option (#3651)
• c9ccc96 fix: respect infastructureLogging.level for client.logging (#3613)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic