wavelert
wavelert copied to clipboard
walaura
[Snyk] Security upgrade postcss-modules from 1.4.1 to 4.3.0
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5 |
Prototype Pollution SNYK-JS-LOADERUTILS-3043105 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: postcss-modules
The new version differs by 76 commits.- d7cefc4 4.3.0
- 8737b69 Update changelog
- cf9e208 Update package-lock.json
- 5bd346c Upgrade generic-names
- b7e0d41 Update copyright note
- ad74258 Added the sponsors section
- f04b178 4.2.2
- 7187d8b Update changelog
- d97957b 4.2.1
- 9447630 Update changelog
- b765440 feat: provide an unquoted path argument for opt.resolve(path)
- 9dd0c25 4.2.0
- 1cf7c88 Update changelog
- 8df67c9 feat(#13): add custom lookup path option (#126)
- ebd30f7 Update README.md
- 6505fea Update FUNDING.yml
- 280585b Create FUNDING.yml
- 64c7749 Fix makefile
- c60790a Update publish target
- 8166dd0 4.1.3
- 71b12f2 Fix packaging and publishing
- 02513a0 4.1.2
- a4f4808 4.1.1
- 45bae67 Update changelog
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
