[Snyk] Upgrade css-loader from 5.0.1 to 5.2.6

[snyk-bot]

Snyk has created this PR to upgrade css-loader from 5.0.1 to 5.2.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 13 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-05-24.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1246392	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SSRI-1085630	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Arbitrary Code Injection SNYK-JS-UNDERSCORE-1080984	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-PATHVAL-596926	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-NEXTCLOUDDIALOGS-1245465	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-NEXTCLOUDDIALOGS-1245465	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HANDLEBARS-1279029	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-HANDLEBARS-1056767	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-STRIPTAGS-1312310	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: css-loader

• 5.2.6 - 2021-05-24
  

  5.2.6 (2021-05-24)

  Bug Fixes

  • always write locals export when css modules/icss enabled (#1315) (075d9bd)
• 5.2.5 - 2021-05-20
  

  5.2.5 (2021-05-20)

  Bug Fixes

  • compatibility with named export and es5 (#1314) (0cf8cde)
• 5.2.4 - 2021-04-19
  

  5.2.4 (2021-04-19)

  Bug Fixes

  • do not crash on 'false' aliases (#1292) (e913cb1)
• 5.2.3 - 2021-04-19
  

  5.2.3 (2021-04-19)

  Bug Fixes

  • improve performance
• 5.2.2 - 2021-04-16
  

  5.2.2 (2021-04-16)

  Bug Fixes

  • avoid escape nonASCII characters in local names (0722733)
• 5.2.1 - 2021-04-09
  

  5.2.1 (2021-04-09)

  Bug Fixes

  • do not crash on unescaped svg data uri (#1288) (4f289c5)
• 5.2.0 - 2021-03-24
  

  5.2.0 (2021-03-24)

  Features

  • support async functions for url and import options (#1277) (c5062db)
• 5.1.4 - 2021-03-24
  

  5.1.4 (2021-03-24)

  Bug Fixes

  • crash with thread-loader (#1281) (7095a7c)
• 5.1.3 - 2021-03-15
  

  5.1.3 (2021-03-15)

  Bug Fixes

  • the auto option works using inline module syntax (#1274) (1db2f4d)
  • ident generation for CSS modules using inline module syntax (#1274) (1db2f4d)
• 5.1.2 - 2021-03-10
  

  5.1.2 (2021-03-10)

  Bug Fixes

  • handling @ import with spaces before and after and any extensions (#1272) (0c47cf7)
  • inline loader syntax in @ import and modules (3f49ed0)
• 5.1.1 - 2021-03-01
• 5.1.0 - 2021-02-25
• 5.0.2 - 2021-02-08
• 5.0.1 - 2020-11-04

from css-loader GitHub release notes

Commit messages

Package name: css-loader

• d31c680 chore(release): 5.2.6
• 075d9bd fix: always write locals export when css modules/icss enabled ([3rdparty] PasswordCompat is no longer required nextcloud/server#1315)
• fa9d4c4 chore(release): 5.2.5
• 0cf8cde fix: compatibility with named export and es5 (Fix PHPUnit warnings on NODB runs nextcloud/server#1314)
• 8f1a6fc chore: `husky` updated ([stable10] Fix update notification nextcloud/server#1312)
• 417aaba docs: recommend ([stable9] Fix layout of success message and text nextcloud/server#1313)
• ab92c82 chore: removed `camelCase` package from dependencies (Add a docs link when given nextcloud/server#1311)
• a3ca8c0 chore(deps): update (dont show shares you own in "shared with you" nextcloud/server#1310)
• bb2a649 docs: clarify behavior of URL option (WebDav file locking to prevent overwrites nextcloud/server#1308)
• 13b7458 chore(release): 5.2.4
• e913cb1 fix: do not crash on 'false' aliases (Add icon for the theming app nextcloud/server#1292)
• 2388439 chore(release): 5.2.3
• 911f02d perf: improve (theming: unable to override images under core/img/filetypes nextcloud/server#1290)
• 4f10583 chore(release): 5.2.2
• 0722733 fix: avoid escape nonASCII characters in local names
• 2599438 chore(release): 5.2.1
• 4f289c5 fix: do not crash on unescaped svg data uri ([stable10] Allow to call status.php before the instance is installed nextcloud/server#1288)
• dcce860 chore(release): 5.2.0
• 263427e refactor: code
• c5062db feat: support async functions for `url` and `import` options (Email notification about new share nextcloud/server#1277)
• c86ff94 chore(release): 5.1.4
• 7095a7c fix: crash with thread-loader ([stable9] Add theming information to capabilities for the client nextcloud/server#1281)
• e194e6b chore(release): 5.1.3
• 1db2f4d fix: the `auto` option for inline module syntax (Make it possible to perform group operations on search results nextcloud/server#1274)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs