[Snyk] Fix for 1 vulnerabilities

[paulbaudrier]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/slate-tools/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 82 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (Unhandled exception: socket hang up. Shopify/slate#860)
• e7525c9 test: nested url (Calling assets from inside React components Shopify/slate#859)
• 7259faa test: css hacks (Styling password.liquid (again) Shopify/slate#858)
• 5e6034c feat: allow to filter import at-rules (Local development chapter in the wiki seems to have been accidentally overwritten.  Shopify/slate#857)
• 5e702e7 feat: allow filtering urls (Allow sections to consist of multiple file types contained within a folder Shopify/slate#856)
• 9642aa5 test: css stuff (Only files in scripts/templates/ folder should be used as Webpack entrypoints Shopify/slate#855)
• 3338656 fix: reduce number of require for url (Template and layout bundling not working per the documentation Shopify/slate#854)
• 533abbe test: issue 636 (Randomly started getting an error about an invalid webpack configuration after I added some files to /src/assets/scripts/ Shopify/slate#853)
• 08c551c refactor: better warning on invalid url resolution (Add 'network.externalTesting.address' config Shopify/slate#852)
• b0aa159 test: issue [V0] Slate Migrate null config.yml and incorrect package.json Shopify/slate#589 (yarn start issues - SyntaxError: Invalid shorthand property initializer  Shopify/slate#851)
• f599c70 fix: broken unucode characters (Simplify Slate assets Shopify/slate#850)
• 1e551f3 test: issue 286 (Change link in documentation – Connect your own store Shopify/slate#849)
• 419d27b docs: improve readme (Broken link in wiki Shopify/slate#848)
• d94a698 refactor: webpack-default (Multiple ignores separated by : fail to ignore additional files Shopify/slate#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Need way to override domains in external URLs by defining them in slate.config.js Shopify/slate#845)
• 8a6ea10 refactor: postcss plugins (Enable CLA Bot (again) Shopify/slate#844)
• fdcf687 fix: url resolving logic (Import JS into theme and have it build Shopify/slate#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Revert "Enable CLA bot" Shopify/slate#842)
• ee2d253 test: importLoaders option (Fix License link Shopify/slate#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (Fix License link Shopify/slate#840)
• fe94ebc test: icss reserved keywords (Incremental Builds  Shopify/slate#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Add SSL check script to a convenient yarn command Shopify/slate#838)

See the full diff

Package name: html-webpack-plugin

The new version differs by 250 commits.

• 873d75b chore(release): 5.5.0
• ddeb774 chore: update examples
• 1e42625 feat: Support type=module via scriptLoading option
• 7d3645b Bump pretty-error to 4.0.0 to fix transitive vuln for ansi-regex CVE-2021-3807
• 79be779 [chore] changes actions to run on pull_requests
• b7e5859 [chore] fixes CI to avoid race conditions
• 48131d3 chore(release): 5.4.0
• 16a841a [chore] rebuild examples
• 3bb7c17 Update index.js
• e38ac97 Update index.js
• f08bd02 [chore] updates fixtures
• d62a10f [chore] upgrades [email protected] -> 6.0.2
• 2f5de7a Remove archived plugin
• 8f8f7c5 chore(release): 5.3.2
• 053c6e6 chore: update snapshot tests for webpack 5.4.0
• 9c7fba0 Fix security vulnerabilities
• b98fbeb Fix security vulnerabilities
• 25cdfc7 Added inject-body-webpack-plugin to readme
• 0e4c1fb Update README to document actual behavior
• 0a6568d chore(release): 5.3.1
• 82d0ee8 fix: remove loader-utils from plugin core
• 6f39192 chore(release): 5.3.0
• d654f5b feat: allow to modify the interpolation options in webpack config
• 41d7a50 feat: drop loader-utils dependency

See the full diff

Package name: img-loader

The new version differs by 7 commits.

• 25c4e7a Merge pull request [Snyk] Security upgrade axios from 0.18.1 to 0.21.1 #30 from thetalecrafter/next
• 77c4d67 fix bad link to loader docs
• b9dda91 add migration info to readme
• ab4dc2c require imagemin on demand so default passthough can succeed without it
• f0a2639 move imagemin to peer, plugin loading to client, and test with webpack 4
• 412f0ce Merge pull request [Snyk] Security upgrade jest from 22.4.2 to 26.0.0 #27 from thetalecrafter/greenkeeper/standard-11.0.0
• d06c7c3 chore(package): update standard to version 11.0.0

See the full diff

Package name: node-sass

The new version differs by 74 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: webpack-hot-middleware

The new version differs by 90 commits.

• e140693 2.25.1
• 3d5018a Merge pull request Slate tools refactor Shopify/slate#413 from nttibbetts/replace-ansi-html
• 90551e5 use public npm registry, not private one
• adeeade fix: replace ansi-html with ansi-html-community to fix vulnerability
• f0ffa4c Resolve weird desync in package lock
• 0f5e3e9 Use old-style require syntax to keep the linter happy
• aa38d42 Bump ansi/html encoding deps
• 2c31df1 Bump example dependencies
• d156bbc Simplify CI setup
• 0635d00 Replace istanbul with nyc
• 04fa8c8 Apply prettier formatting updates
• b81cfd5 Update eslint and prettier
• c98216a Upgrade test dependencies
• cb29abb 2.25.0
• bbffbe6 Merge branch 'master' of github.com:webpack-contrib/webpack-hot-middleware
• 82dd483 Merge pull request Using Ampersand does nothing in theme.scss Shopify/slate#360 from jimblue/master
• e2b49ff improved client overlay style
• c430265 2.24.4
• fe33d59 Merge pull request Prefix mixin conditionals were not supporting 'all', fixed to allow Shopify/slate#355 from okcoker/ansi-color-fix
• 331ad96 Merge branch 'master' into ansi-color-fix
• f6609e4 Bump deps to sort audit out
• e605d10 Fix ansi colors
• 036bf30 Merge pull request Updated Apple Pay icon Shopify/slate#354 from Hacksign/master
• f2b477d Resolve Code under example folder do not work. webpack-contrib/webpack-hot-middleware#353

See the full diff

Package name: yargs

The new version differs by 106 commits.

• a6e67f1 chore(release): 13.2.4
• fc13476 chore: update standard-verison dependency
• bf46813 fix(i18n): rename unclear 'implication failed' to 'missing dependent arguments' (#1317)
• a3a5d05 docs: fix a broken link to MS Terminology Search (#1341)
• b4f8018 build: add .versionrc that hides test/build
• 0c39183 chore(release): 13.2.3
• 08e0746 chore: update deps (#1340)
• 843e939 docs: make `--no-` boolean prefix easier to find in the docs (#1338)
• 84cac07 docs: restore removed changelog of v13.2.0 (#1337)
• b20db65 fix(deps): upgrade cliui for compatibility with latest chalk. (#1330)
• c294d1b test: accept differently formatted output (#1327)
• ac3f10c chore: move .hbs templates into .js to facilitate webpacking (#1320)
• 0295132 fix: address issues with dutch translation (#1316)
• 9f2468e doc: clarify parserConfiguration object structure (#1309)
• e7f2937 chore(release): 13.2.2
• edd0bb5 test: correct test description
• 03a9523 chore: forgoing dropping Node 6 until yargs@14 (#1308)
• 14920d1 docs: remove --save option as it isn't required anymore (#1301)
• 545c7f1 test: slightly reworded one test
• 4375680 chore(release): 13.2.1
• dfcaa68 test: slight edit to test wording
• 3180224 fix: add zsh script to files array
• 0a96394 fix: support options/sub-commands in zsh completion
• 48249a2 chore(release): 13.2.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.