[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • grid-packages/ag-grid-docs/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 235 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (how can I change language from English to Chinese? ag-grid/ag-grid#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (Force cell editing via API ag-grid/ag-grid#1126)
• 791fff3 refactor: named export (Callback function for Columns drag start and Stop ag-grid/ag-grid#1125)
• 01e8c76 refactor: change function arguments of the `import` option (Support Angular 2 component in a custom filter ag-grid/ag-grid#1124)
• c153fe6 refactor: improve schema options (Apply styling on selected cell or group of selected cells (not rows) in ag-grid and ag-grid-react ag-grid/ag-grid#1123)
• 58b4b98 test: unresolved ([paste] Paste fails randomly with some browsers ag-grid/ag-grid#1122)
• d2f6bd2 refactor: getLocalIdent function (rowDoubleClicked event works only when clicking an an are with Text ag-grid/ag-grid#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (Feature Request: style floating rows ag-grid/ag-grid#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option ([tabbing] allow suppressTabbing to disable the grids' tabbing features ag-grid/ag-grid#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (onFilter/SortChange events don't include column ag-grid/ag-grid#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (same id, how can I do ag-grid/ag-grid#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (Rename Column ag-grid/ag-grid#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (Sluggish movement with scroll bar ag-grid/ag-grid#1114)
• 908ecee refactor: `esModule` option is `true` by default (Grid doesn't render in ag-grid-enterprise 5.3.0 ag-grid/ag-grid#1111)
• 7cca035 test: coverange (filtered rows count ag-grid/ag-grid#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader

The new version differs by 42 commits.

• e44eb73 chore(release): 6.0.0
• ad39022 chore(deps): update ([Snyk] Security upgrade eslint-plugin-compat from 3.13.0 to 4.2.0 #369)
• e1fe27c docs: update README.md ([Snyk] Security upgrade eslint-plugin-compat from 3.13.0 to 4.2.0 #368)
• c2aded7 chore(release): 5.1.0
• cd8698b feat: support the `query` template for the `name` option ([Snyk] Security upgrade babel-loader from 8.1.0 to 9.1.3 #366)
• 5703c58 chore(deps): update ([Snyk] Fix for 1 vulnerabilities #365)
• 521bff2 chore: remove duplicate prettier config file ([Snyk] Fix for 1 vulnerabilities #357)
• 5ffac2e refactor: added description on esModule ([Snyk] Security upgrade @vue/cli-plugin-unit-jest from 3.12.1 to 5.0.0 #358)
• 190829e docs: fix the description of the `esModule` option ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #348)
• f1b071c chore(release): 5.0.2
• 6431101 chore: add the `funding` field in `package.json` ([Snyk] Security upgrade karma from 4.1.0 to 5.0.8 #347)
• 90302cd chore(release): 5.0.1
• 31d6589 fix: name of `esModule` option in source code ([Snyk] Security upgrade @angular/cli from 8.3.29 to 14.2.12 #346)
• 2a18cba chore(release): 5.0.0
• 98a6c1d refactor: next ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #345)
• 0df6c8d chore(release): 4.3.0
• a2f5faf refactor: code ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #344)
• 9b9cd8d feat: new options flag to output ES2015 modules ([Snyk] Fix for 1 vulnerabilities #340)
• ba0fd4c chore(release): 4.2.0
• 642ee74 docs: improve readme ([Snyk] Security upgrade jest from 25.5.4 to 26.0.0 #341)
• c136f44 feat: `postTransformPublicPath` option ([Snyk] Fix for 1 vulnerabilities #334)
• d441daa chore(release): 4.1.0
• 705eed4 feat: improved validation error messages ([Snyk] Security upgrade webpack from 4.46.0 to 5.1.1 #339)
• d016daa chore(release): 4.0.0

See the full diff

Package name: html-loader

The new version differs by 55 commits.

• d7cccfa chore(release): 1.0.0
• 3c9a1d8 refactor: `attributes` option ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 4.0.0 #265)
• 8c73761 feat: `preprocessor` option ([Snyk] Security upgrade webpack from 4.46.0 to 5.0.0 #263)
• f2ce5b1 feat: improve errors
• 9923244 chore(deps): update ([Snyk] Fix for 1 vulnerabilities #260)
• 9835bde feat: supports `link:href` attribute for css ([Snyk] Fix for 1 vulnerabilities #258)
• 7af2eff refactor: improve schema ([Snyk] Fix for 2 vulnerabilities #257)
• 98412f9 docs: `filter` sources ([Snyk] Fix for 1 vulnerabilities #256)
• ff0f44c feat: implement the `filter` option for filtering some of sources ([Snyk] Fix for 1 vulnerabilities #255)
• 1c24662 refactor: move the `root` option under the `attributes` option ([Snyk] Fix for 1 vulnerabilities #254)
• 888b8fe docs: add footnote for `-attributes` ([Snyk] Fix for 1 vulnerabilities #252)
• 3d2907e refactor: remove the `interpolate` option
• bd979e2 refactor: remove the `interpolate` option
• fcba4ec fix: handle only valid srcset tags ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #253)
• 9e5ce56 perf: improve source parse ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #251)
• c9c8dad refactor: improve source parse ([Snyk] Fix for 1 vulnerabilities #250)
• 079d623 fix: respect `#hash` in sources
• a17df49 fix: reduce `import`/`require` count
• d0b0150 fix: adding quotes when necessary for unquoted sources ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #247)
• e3727ab test: minifier
• 0bbe29c feat: migrate on `htmlparse2`
• b7af031 fix: escape `\u2028` and `\u2029` characters ([Snyk] Fix for 1 vulnerabilities #244)
• 24b0427 fix: parser tags and attributes according spec ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #243)
• 3df909d feat: support `script:src` attributes

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 74fae99 chore(release): 5.0.0
• 94a20df chore: update to webpack 5.20.0
• c5c8212 feat: add meta attribute for html tags
• d0ab774 feat: provide public path to the alterAssetTagGroups hook
• 5200ae6 feat: provide public path to the alterAssetTags hook
• ccbe93a chore: update examples to latest webpack version
• 33cbd59 fix: generate html files even if no webpack entry exists
• 826739f feat: allow to use the latest loader-utils and tapable version
• 81d7b2c feat: add typings for options and version
• 8d34b81 fix: use correct casing for webpack type import
• 36f9aca chore: upgrade dev dependencies
• 1755962 chore: fix css-loader for unit testing
• a79ab17 chore: drop support for appcache-webpack-plugin as it is not compatible to webpack 5
• 7c3146d feat: allow to set publicPath to empty string ’’
• b109213 docs: update installation instructions for webpack 4
• 833b46b fix: inject javascripts in the <head> tag for inject:true and scriptLoading:'defer'
• 13af0fb feat: add full support for public paths inside templates
• fd5fe58 refactor: move the publicPath generation into a seperate function
• 60a6ef8 test: add test for experiments: { outputModule: true }
• a43ab72 feat: overrule module output
• 10a0c5e fix: adjust tests as webpack 5 will no longer emit files for builds with errors
• 2975a6a feat: process html during the processAssets stage PROCESS_ASSETS_STAGE_OPTIMIZE_INLINE
• 0f9c239 fix: add support for publicPath: 'auto' in combination with type: 'asset/resource'
• ab8b195 fix: support loaders like raw-loader

See the full diff

Package name: postcss-loader

The new version differs by 39 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config ([Snyk] Security upgrade gulp-sass from 4.1.1 to 5.0.0 #470)
• 77449e1 test: union ([Snyk] Fix for 1 vulnerabilities #469)
• 9b75888 feat: reuse AST from other loaders ([Snyk] Security upgrade jest-circus from 26.6.0 to 27.0.0 #468)
• 5e4a77b fix: resolve `from` and `to` from config and options ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #467)
• 225b2e5 refactor: do not validate `postcss` options ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #466)
• 3d32c35 fix: `default` export for plugins ([Snyk] Fix for 1 vulnerabilities #465)
• 38ebe08 refactor: `execute` option ([Snyk] Fix for 1 vulnerabilities #464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps ([Snyk] Fix for 1 vulnerabilities #460)
• 475278c chore: move `postcss` to `peerDependencies` ([Snyk] Fix for 1 vulnerabilities #459)
• 98441ff fix: respect the `map` option and source maps ([Snyk] Security upgrade glob from 7.2.3 to 9.0.0 #458)
• ba88040 refactor: do not pass meta from other loaders ([Snyk] Fix for 1 vulnerabilities #457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #454)
• d8d84f7 refactor: code ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #451)
• 60e4f12 docs: addDependency ([Snyk] Fix for 2 vulnerabilities #448)

See the full diff

Package name: raw-loader

The new version differs by 17 commits.

• 35a10f4 chore(release): 4.0.1
• 21f0ca5 chore(deps): update ([Snyk] Fix for 1 vulnerabilities #90)
• e76476c chore(release): 4.0.0
• 5ec82d6 refactor: next ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 13.0.0 #88)
• d231710 chore(release): 3.1.0
• 6cf76b8 feat: improved validation error messages ([Snyk] Security upgrade @vue/cli-plugin-unit-jest from 3.12.1 to 4.0.0 #85)
• aebfd74 chore(deps): update ([Snyk] Security upgrade @vue/cli-plugin-unit-jest from 3.12.1 to 4.0.0 #84)
• f5b6aa4 docs: fix tests badge ([Snyk] Security upgrade @vue/cli-plugin-unit-jest from 3.12.1 to 4.0.0 #82)
• 854d6c8 chore(release): 3.0.0
• d11ff27 chore(deps): update ([Snyk] Security upgrade image-webpack-loader from 6.0.0 to 8.0.0 #81)
• 35762bd chore(release): 2.0.0
• 03933c7 chore(defaults): update ([Snyk] Security upgrade jest from 25.5.4 to 26.0.0 #70)
• 3c7bf2c feat: use ES Module export instead of CommonJS ([Snyk] Security upgrade karma from 4.1.0 to 5.0.8 #69)
• 7fa759c chore: integrate babel ([Snyk] Fix for 1 vulnerabilities #68)
• 6519eb2 chore: update webpack defaults ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 4.2.0 #67)
• 062b267 docs: improve ([Snyk] Fix for 1 vulnerabilities #66)
• 0622dc7 docs: improve information about loader order ([Snyk] Security upgrade jest from 25.5.4 to 26.0.0 #65)

See the full diff

Package name: source-map-loader

The new version differs by 15 commits.

• e0ec5d9 chore(release): 1.0.0
• 87fa9ae refactor: remove whatwg-encoding ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 13.2.0 #115)
• 4d043f0 docs: ignore example
• 1ccc708 test: coverage ([Snyk] Fix for 1 vulnerabilities #111)
• 73773e2 test: validate options ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 0.1102.18 #110)
• 0d77b18 refactor: code
• 2ceba27 test: code ([Snyk] Security upgrade @angular-devkit/build-angular from 0.803.29 to 0.1102.18 #108)
• 1e785a1 fix: use webpack fs ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 4.0.0 #105)
• 01b3812 refactor: code ([Snyk] Security upgrade karma from 4.3.0 to 6.3.14 #104)
• 4c39c22 fix: perf and crashing ([Snyk] Fix for 1 vulnerabilities #101)
• b64f7d8 fix: absolute path for sources and add sources in dependendencies
• c18d1f9 feat: indexed-sourcemap
• 526c229 test: refactor ([Snyk] Fix for 1 vulnerabilities #97)
• 7f769aa fix: avoid crash on big data URL source maps
• 2da2b2e chore(defaults): update ([Snyk] Security upgrade react-dev-utils from 11.0.4 to 12.0.0 #95)

See the full diff

Package name: style-loader

The new version differs by 76 commits.

• 171a747 chore(release): 1.1.4
• af1b4a9 chore(deps): update
• a003f05 docs: add links for the options table ([Snyk] Fix for 1 vulnerabilities #460)
• 2756e03 chore(release): 1.1.3
• 236b243 fix: injection algorithm ([Snyk] Fix for 1 vulnerabilities #456)
• 36bd8f1 docs: fix typos ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #453)
• de38c39 chore(release): 1.1.2
• 91ceaf2 fix: algorithm for importing modules ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #449)
• 1138ed7 fix: checking that the list of modules is an array ([Snyk] Fix for 2 vulnerabilities #448)
• aa418dd chore(release): 1.1.1
• 7ee8b04 fix: add empty default export for `linkTag` value
• c69ea6c chore(release): 1.1.0
• c7d6e3a fix: order of imported styles ([Snyk] Fix for 1 vulnerabilities #443)
• a283b30 test: more manual test ([Snyk] Fix for 1 vulnerabilities #442)
• 3415266 feat: `esModule` option ([Snyk] Security upgrade jest from 25.5.4 to 29.0.0 #441)
• 907aed8 test: refactor ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #440)
• 28e1628 refactor: code ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #438)
• 5c51b90 refactor: cjs ([Snyk] Security upgrade jest from 25.5.4 to 27.0.0 #437)
• 609263a test: refactor
• 7768fce chore(release): 1.0.2
• dcbfadb fix: support ES module syntax ([Snyk] Fix for 5 vulnerabilities #435)
• d515edc chore(deps): update ([Snyk] Fix for 12 vulnerabilities #434)
• 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md ([Snyk] Fix for 18 vulnerabilities #432)
• c6164d5 chore(release): 1.0.1

See the full diff

Package name: thread-loader

The new version differs by 27 commits.

• 470b6e6 chore(release): 3.0.0
• d0a8de4 chore(deps): update defaults ([Snyk] Security upgrade gatsby from 2.32.9 to 4.6.0 #100)
• aecad57 chore(deps-dev): bump lodash from 4.17.15 to 4.17.19 ([Snyk] Security upgrade react-dev-utils from 11.0.4 to 12.0.0 #95)
• 16bbc23 fix: getResolve ([Snyk] Security upgrade karma from 4.1.0 to 5.0.8 #99)
• 075e79e chore: update deps ([Snyk] Fix for 1 vulnerabilities #90)
• ea5c9ad fix: `loadModule` and `fs` are now available in a loader context ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 13.0.0 #88)
• 488300f chore(NA): update some old dependencies ([Snyk] Security upgrade optimize-css-assets-webpack-plugin from 5.0.8 to 6.0.0 #76)
• 177fa79 chore(release): 2.1.3
• 79758d0 fix: correct default for workerParallelJobs option ([Snyk] Security upgrade cssnano from 4.1.11 to 5.0.0 #74)
• b02d503 fix: do not allow empty or invalid node args when spin up child process ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 0.1102.11 #73)
• d529c77 chore(release): 2.1.2
• aec90b0 Fix lifecycle handling for signals ([Snyk] Security upgrade cypress from 4.12.1 to 5.0.0 #57)
• b5fc4f7 chore(release): 2.1.1
• d3a6664 perf: use `neo-async` instead of `async` ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 0.901.9 #54)
• 5dbf449 chore(release): 2.1.0
• 76535bf feat: add poolRespawn flag to speed up incremental builds ([Snyk] Fix for 1 vulnerabilities #52)
• bfb6271 chore(release): 2.0.2
• fa02b60 fix: build hang ([Snyk] Fix for 1 vulnerabilities #53)
• f564c1c chore(release): 2.0.1
• f10fe55 fix: memory leaks, worker and main process lifecycles ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 4.2.0 #51)
• 9208e3b chore(release): 2.0.0
• 0f87683 fix: listen end events ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 4.1.2 #42)
• fcbd813 fix: calculate number of workers correctly ([Snyk] Security upgrade jest from 25.5.4 to 26.0.0 #49)
• 1f81d04 chore(deps): bump and audit dependencies with npm audit fix ([Snyk] Security upgrade protractor from 5.4.4 to 6.0.0 #47)

See the full diff

Package name: ts-loader

The new version differs by 231 commits.

• 268bc69 chore(deps): upgrade most production deps (Scroll to row programatically with virtual paging/infinite scrolling. ag-grid/ag-grid#1237)
• e160564 Add a cache to file path mapping ([select editor] allow providing keys and values to selectCellEditor ag-grid/ag-grid#1228)
• 14fa3f8 Add documentation about performance profiling (gridOptions.api.removeItems is not a function ag-grid/ag-grid#1230)
• 3cc78b8 Fix typo in README.md (processCellCallback ag-grid/ag-grid#1229)
• 8f2a509 Add documentation for the useCaseSensitiveFileNames option (gridOptions typescript missing onRowValueChanged event handler ag-grid/ag-grid#1227)
• 566e6ce Instead of checking date, check time thats more accurate to see if something has changed ([Feature request] Hook into column virtualization process to apply automatic resizing ag-grid/ag-grid#1217)
• 172ebeb Feature/typescript 4 1 (Column's filter does not work when filterChangedCallback is present on settings ag-grid/ag-grid#1213)
• 0816fe9 Add peer dependencies for Yarn PnP (startEditingCell fails for rows past number of rendered rows ag-grid/ag-grid#1209)
• 4909d99 Fixed missing errors in watch mode in webpack5 ([component header] headerCellTemplate memory leak and loss of state when using React component ag-grid/ag-grid#1208)
• 3f73e98 Fix failed builds when using thread-loader (Add CDNJS version badge in readme ag-grid/ag-grid#1207)
• e90f8ad Fix memory leak when using multiple webpack instances (Can't disable filters that are enabled by default (touch device) ag-grid/ag-grid#1205)
• 95050eb Speeds up project reference build and doesnt store the result in memory (When i resize a col ,the content will become wider than header,how can I fix it? ag-grid/ag-grid#1202)
• f99c7c4 doc: escape pipe in table ([touch] Cell doubleclick does not work on iphone/ipad ag-grid/ag-grid#1201)
• 0b4a86d Replace afterCompile to stop webpack 5 warning (license key encryption ag-grid/ag-grid#1200)
• 6d8d601 Fixed deprecation warnings on webpack@5. ([popup] Close Filter Panel ag-grid/ag-grid#1195)
• cafc933 Fix installation link on README.md (Performance of grid with Rows having dropdown templates ag-grid/ag-grid#1192)
• f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (fullWidthCellRendererFramework does not appear to work ag-grid/ag-grid#1182)
• 0767bce add github action status badge (请求的json数据太大导致表格显示过于缓慢的问题 ag-grid/ag-grid#1190)
• db5ea55 Feature/upgrade testpack to ts4 (Feature Clarification/Request-- Prevent columns from being added to group ag-grid/ag-grid#1189)
• 95b6fe8 Uses existing instance if config file is same as already built solution (Range selection fails in some cases when using virtual rowModel ag-grid/ag-grid#1177)
• b38678a Update minimum compiler version to 3.6.3 (Provide API method: autoSizeAllColumns(boolean: expandToFitGridWidth) ag-grid/ag-grid#1188)
• f8eba53 Add documentation and example code for projectReferences (Disable Move Column ag-grid/ag-grid#1184)
• 46d9761 Update docs to show transpileOnly does not affect project references (How to access external scope within aggrid onCellClicked ag-grid/ag-grid#1175)
• 0e64ceb Fix getOptionsHash when two options has different props but same values. (includeHeaders is always false ag-grid/ag-grid#1170)

See the full diff

Package name: url-loader

The new version differs by 31 commits.

• 8828d64 chore(release): 4.0.0
• fc8721f chore(deps): migrate on `mime-types` package ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 12.0.0 #209)
• f13757a chore(deps): update ([Snyk] Fix for 1 vulnerabilities #208)
• a2f127d fix: description on the `esModule` option ([Snyk] Fix for 5 vulnerabilities #204)
• 4301f87 chore(release): 3.0.0
• 3f0bbc5 refactor: next ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 13.3.6 #198)
• 2451157 chore(release): 2.3.0
• 0ee2b99 feat: new `esModules` option to output ES modules
• cbd1950 chore(release): 2.2.0
• 196110e fix: yarn pnp support ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #195)
• 9431124 docs: improve documentation about `fallback` ([Snyk] Fix for 1 vulnerabilities #194)
• a251a23 chore(deps): update ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #193)
• 2bffcfd fix: limit must allow infinity and max value ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #192)
• 1b9dbd1 chore(release): 2.1.0
• f3d4dd2 feat: improved validation error messages ([Snyk] Security upgrade gatsby from 2.32.9 to 3.0.0 #187)
• 37c6acc chore(release): 2.0.1
• 4842f93 fix: allow using limit as string when you use loader with query string ([Snyk] Security upgrade karma from 4.3.0 to 6.0.0 #185)
• c0341da chore(defaults): update ([Snyk] Security upgrade karma from 4.1.0 to 6.0.0 #184)
• 78833ac chore(release): 2.0.0
• 4386b3e chore(deps): update ([Snyk] Security upgrade gatsby from 2.32.9 to 4.14.0 #182)
• 60d2cb3 feat: limit option can be boolean ([Snyk] Security upgrade react-dev-utils from 11.0.4 to 12.0.0 #181)
• d82e453 fix: `limit` should always be a number and 0 value handles as number ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 13.3.2 #180)
• 3c24545 fix: fallback loader will be used than limit is equal or greater ([Snyk] Security upgrade @angular-devkit/build-angular from 0.900.7 to 13.3.2 #179)
• a6705cc test: test svg scenario. [Snyk] Security upgrade lerna from 3.22.1 to 5.5.2 #176 ([Snyk] Fix for 2 vulnerabilities #177)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Package name: webpack-cli

The new version differs by 250 commits.

• fb50f76 chore(release): publish new version
• 2c75aeb chore: new version of the packages
• 0d05c30 chore(release): publish %s
• 3f9e151 chore: fix lerna config
• 2c1e34c tests(generator): enhance init generator tests (Cannot access service in CellRenderer ag-grid/ag-grid#1236)
• 6ee61b9 Fix loader-generator and plugin-generator tests (Filter reset using setFilterModel(null) not working with remote data/virtual paging ag-grid/ag-grid#1250)
• 52956a2 Fixing the typos and grammatical errors in Readme files (how to set grid height dynamically based on row count? ag-grid/ag-grid#1246)
• 7faaed2 chore: update Bug_report & Feature_request Templates (Any way to prevent cells in a column from being destroyed when calling setRowData()? ag-grid/ag-grid#1256)
• 7a5b33d feat(webpack-cli): added mode argument (Set Cursor at the end of text. ag-grid/ag-grid#1253)
• 3715756 tests(webpack-cli): add test case for defaults flag (prevent doubleclick editing of cells ag-grid/ag-grid#1254)
• a7cba2f chore: project maintanance and typescript fix (export to excel ag-grid/ag-grid#1247)
• 7748472 chore: ignore package-lock.json and remove its references (sizeColumnsToFit not working if we call that api from column moved event ag-grid/ag-grid#1252)
• a014aa7 docs: fix supported arguments & commands link in README (Add row without redrawing existing ag-grid/ag-grid#1244)
• 06129a1 feat(webpack-cli): add progress bar for progress flag (double Click is not working on cell of ag-grid. ag-grid/ag-grid#1238)
• 6cc6a49 chore: post refactor CLI (Scroll to row programatically with virtual paging/infinite scrolling. ag-grid/ag-grid#1237)
• 358651e chore: move cli under lerna package (forPrint option breaks ag-grid ag-grid/ag-grid#1225)
• 2dc495a fix(init): fix webpack config scaffold (disable ag-grid ag-grid/ag-grid#1231)
• 1ab62d2 tests(generator): add tests for plugin generator (Filter popup is unaligned and remains visible on horizontal scroll ag-grid/ag-grid#1235)
• d2dd0c1 tests(sourcemap): fix flaky stats statement (Debounce for filter input ag-grid/ag-grid#1232)
• f6dc680 tests(loader-generator): add tests for loader generator ([angular1] Angular 1.X Scope Based Child Grid not getting destroyed (Memory Leak) ag-grid/ag-grid#1234)
• 35d1381 tests(generator): enable init generator test (Cell Editor Documentation Typo ag-grid/ag-grid#1233)
• 66cdcb6 chore(generator): remove transpiled tests (processCellCallback ag-grid/ag-grid#1229)
• f29a170 fix(init): fix the invalid package name ([select editor] allow providing keys and values to selectCellEditor ag-grid/ag-grid#1228)
• 8c3a66d chore(cli): updated changelog of v3 (sizeColumnsToFit issue ag-grid/ag-grid#1224)

See the full diff

Package name: webpack-stream

The new version differs by 60 commits.

• 30a6da0 v7.0.0
• c2d19fd semistandard fixes
• 7805d59 Remove config.watch setting re-introduced from my bad merging
• 6395f19 Merge branch 'master' of github.com:shama/webpack-stream
• 7c24e86 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #212 from azt3k/master
• 3fc84f0 Merge branch 'master' into master
• 027135e Update comments to indicate it works with webpack 4 and 5
• bb7cd85 Merge branch 'master' of github.com:shama/webpack-stream
• 3287835 Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #214 from the-ress/watch-message
• 141e063 Update watch for gulp >= 4
• 991d108 Merge pull request [Snyk] Fix for 1 vulnerabilities #225 from emme1444/config-file-path
• 348eab2 Use const over var in docs
• 2b31461 Update copyright to 2021
• fdd5809 Update node engine to >= 10
• 80e0ba8 Updating dependencies
• 5759a17 Updating for semistandard@16.0.1
• 2ff8a4f Merge pull request [Snyk] Security upgrade @angular-devkit/build-angular from 0.803.29 to 13.3.10 #235 from marekdedic/webpack-5
• ff485fe Merge pull request [Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #234 from marekdedic/webpack-peer-dependency
• 1baead2 Removed tests on Node 8
• f33fc04 Switched from hash to contenthash
• 0e30a7b Test: Fixed different chunk names in webpack 5
• 5bb70d1 Test: updated expected error message
• 99a1c03 Building in production mode by default
• 01ffd76 Updated to webpack 5

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: *You are seeing this because you or someone ...

[secure-code-warrior-for-github]

Micro-Learning Topic: Prototype pollution (Detected by phrase)

Matched on "Prototype Pollution"

What is this? (2min video)

By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf).

Try a challenge in Secure Code Warrior