[Snyk] Fix for 1 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/hugo/themes/ananke/src/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 231 commits.

• 7857d8f chore(release): 4.0.0
• 5604205 feat: support `file:` protocol
• 5303db2 chore(deps): update (Add output mode option to logs command vercel/vercel#1131)
• 9aa0549 chore(deps): update
• a54c955 test: imports
• 5b45d87 test: support in `@ import` at-rule
• 83515fa refactor: code
• 1c20b1e fix: parsing
• 7f49a0a feat: `@ value` supports importing `url()` (Corrected whitelisting mechanism for now.json vercel/vercel#1126)
• 791fff3 refactor: named export (Split OSS confirmation into multiple lines vercel/vercel#1125)
• 01e8c76 refactor: change function arguments of the `import` option (Perfected OSS confirmation prompt vercel/vercel#1124)
• c153fe6 refactor: improve schema options (Invalid name parameter on CNAME vercel/vercel#1123)
• 58b4b98 test: unresolved (now domains add should ask confirmation before making a zeit.world migration vercel/vercel#1122)
• d2f6bd2 refactor: getLocalIdent function (Removed whois fallback vercel/vercel#1121)
• 069dbb0 refactor: the `modules.localsConvention` option was renamed to the `modules.exportLocalsConvention` option (Cannot run project local installed version vercel/vercel#1120)
• fc04401 refactor: the `modules.context` option was renamed to the `modules.localIdentContext` option (Set MY_CUSTOM_URL from NOW_URL when deploying vercel/vercel#1119)
• 3a96a3d refactor: the `hashPrefix` option was renamed to the `localIdentHashPrefix` option (Deployment failure with own babelrc and webpack config vercel/vercel#1118)
• 0080f88 refactor: default values `modules` and `module.auto` are true (Support jpeg on libvips vercel/vercel#1117)
• e1c55e4 refactor: rename the `onlyLocals` option (Added more missing console.logs vercel/vercel#1116)
• ac5f413 refactor: code
• a5c1b5f test: code coverange (Add now alias rm -y vercel/vercel#1114)
• 908ecee refactor: `esModule` option is `true` by default (File size limit exceeded (1 MB) on premium account vercel/vercel#1111)
• 7cca035 test: coverange (Fix the help message for session affinity vercel/vercel#1112)
• bc19ddd feat: improve `url()` resolving algorithm

See the full diff

Package name: file-loader

The new version differs by 102 commits.

• e44eb73 chore(release): 6.0.0
• ad39022 chore(deps): update (build(deps): bump minimatch from 3.0.4 to 3.1.2 in /examples/brunch #369)
• e1fe27c docs: update README.md ([Snyk] Security upgrade @dojo/cli-build-app from 6.0.9 to 7.0.5 #368)
• c2aded7 chore(release): 5.1.0
• cd8698b feat: support the `query` template for the `name` option ([Snyk] Security upgrade @docusaurus/core from 2.0.0-alpha.54 to 2.0.0 #366)
• 5703c58 chore(deps): update ([Snyk] Security upgrade @docusaurus/core from 2.0.0-alpha.48 to 2.0.0 #365)
• 521bff2 chore: remove duplicate prettier config file ([Snyk] Security upgrade @vue/cli-service from 3.12.1 to 5.0.1 #357)
• 5ffac2e refactor: added description on esModule ([Snyk] Security upgrade @angular-devkit/build-angular from 12.0.5 to 13.3.6 #358)
• 190829e docs: fix the description of the `esModule` option ([Snyk] Security upgrade recursive-readdir from 2.2.2 to 2.2.3 #348)
• f1b071c chore(release): 5.0.2
• 6431101 chore: add the `funding` field in `package.json` ([Snyk] Security upgrade react-scripts from 2.1.1 to 5.0.0 #347)
• 90302cd chore(release): 5.0.1
• 31d6589 fix: name of `esModule` option in source code ([Snyk] Fix for 1 vulnerabilities #346)
• 2a18cba chore(release): 5.0.0
• 98a6c1d refactor: next ([Snyk] Security upgrade @docusaurus/core from 2.0.0-alpha.54 to 2.0.0 #345)
• 0df6c8d chore(release): 4.3.0
• a2f5faf refactor: code ([Snyk] Security upgrade @docusaurus/core from 2.0.0-alpha.48 to 2.0.0 #344)
• 9b9cd8d feat: new options flag to output ES2015 modules ([Snyk] Fix for 1 vulnerabilities #340)
• ba0fd4c chore(release): 4.2.0
• 642ee74 docs: improve readme ([Snyk] Security upgrade rack from 2.2.2 to 3.0.0 #341)
• c136f44 feat: `postTransformPublicPath` option ([Snyk] Fix for 1 vulnerabilities #334)
• d441daa chore(release): 4.1.0
• 705eed4 feat: improved validation error messages ([Snyk] Fix for 1 vulnerabilities #339)
• d016daa chore(release): 4.0.0

See the full diff

Package name: postcss-loader

The new version differs by 143 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/04-create-react-app #470)
• 77449e1 test: union (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/20-riot #469)
• 9b75888 feat: reuse AST from other loaders (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/handle-filesystem-missing #468)
• 5e4a77b fix: resolve `from` and `to` from config and options (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/nested-tsconfig #467)
• 225b2e5 refactor: do not validate `postcss` options (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/monorepo-dynamic-paths #466)
• 3d32c35 fix: `default` export for plugins (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/05-gatsby #465)
• 38ebe08 refactor: `execute` option (Bump json5 from 1.0.1 to 1.0.2 in /examples/docusaurus-2 #464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps (Bump json5 from 2.1.3 to 2.2.3 in /packages/now-cli/test/dev/fixtures/21-charge #460)
• 475278c chore: move `postcss` to `peerDependencies` (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/10a-nextjs-routes #459)
• 98441ff fix: respect the `map` option and source maps (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/25-nextjs-src-dir #458)
• ba88040 refactor: do not pass meta from other loaders (Bump json5 from 2.1.1 to 2.2.2 #457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option (Bump json5 from 1.0.1 to 1.0.2 in /packages/now-cli/test/dev/fixtures/26-nextjs-secrets #454)
• d8d84f7 refactor: code ([Snyk] Security upgrade react-scripts from 2.1.1 to 4.0.0 #453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code ([Snyk] Security upgrade @docusaurus/core from 2.0.0-alpha.54 to 2.0.0 #451)
• 60e4f12 docs: addDependency ([Snyk] Fix for 1 vulnerabilities #448)

See the full diff

Package name: style-loader

The new version differs by 141 commits.

• 171a747 chore(release): 1.1.4
• af1b4a9 chore(deps): update
• a003f05 docs: add links for the options table (Bump json5 from 2.1.3 to 2.2.3 in /packages/now-cli/test/dev/fixtures/21-charge #460)
• 2756e03 chore(release): 1.1.3
• 236b243 fix: injection algorithm (Bump json5 from 1.0.1 to 1.0.2 in /examples/ionic-angular #456)
• 36bd8f1 docs: fix typos ([Snyk] Security upgrade react-scripts from 2.1.1 to 4.0.0 #453)
• de38c39 chore(release): 1.1.2
• 91ceaf2 fix: algorithm for importing modules ([Snyk] Security upgrade rails from 5.2.6 to 5.2.6.3 #449)
• 1138ed7 fix: checking that the list of modules is an array ([Snyk] Fix for 1 vulnerabilities #448)
• aa418dd chore(release): 1.1.1
• 7ee8b04 fix: add empty default export for `linkTag` value
• c69ea6c chore(release): 1.1.0
• c7d6e3a fix: order of imported styles ([Snyk] Fix for 1 vulnerabilities #443)
• a283b30 test: more manual test ([Snyk] Security upgrade preact-cli from 2.2.1 to 3.2.0 #442)
• 3415266 feat: `esModule` option ([Snyk] Security upgrade next from 8.1.0 to 12.0.9 #441)
• 907aed8 test: refactor ([Snyk] Fix for 1 vulnerabilities #440)
• 28e1628 refactor: code ([Snyk] Security upgrade @angular-devkit/build-angular from 12.0.5 to 13.3.6 #438)
• 5c51b90 refactor: cjs ([Snyk] Fix for 1 vulnerabilities #437)
• 609263a test: refactor
• 7768fce chore(release): 1.0.2
• dcbfadb fix: support ES module syntax ([Snyk] Security upgrade react-scripts from 2.1.1 to 5.0.0 #435)
• d515edc chore(deps): update ([Snyk] Security upgrade rails from 5.2.6 to 5.2.6 #434)
• 4c1e3f3 docs: fixed typo 'doom' to 'DOM' in README.md (Bump node-fetch from 2.6.0 to 2.6.7 in /api #432)
• c6164d5 chore(release): 1.0.1

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 610f368 5.0.0
• 5ce65c1 update examples
• bbe1230 Merge pull request #11628 from webpack/bugfix/real-content-hash
• 75ecff2 5.0.0-rc.6
• bfc35d6 Merge pull request #11603 from MayaWolf/master
• 76e8cbd Merge pull request #11622 from webpack/dependabot/npm_and_yarn/types/node-13.13.25
• 9fd1be2 chore(deps-dev): bump @ types/node from 13.13.23 to 13.13.25
• 36bcfaa Merge pull request #11621 from webpack/bugfix/11619
• 9130d10 fix called variables with ProvidePlugin
• 3e42105 Merge pull request #11620 from webpack/bugfix/11617
• 4709719 skip connections copied to concatenated module
• 57b493f 5.0.0-rc.5
• 1658e2f Merge pull request #11618 from webpack/bugfix/11615
• a8fb45d fixes crash in SideEffectsFlagPlugin
• 84b196d emit error instead of crashing when unexpected problem occurs
• 5573fed Merge pull request #11601 from Hornwitser/improve-suggested-polyfill-config
• 9b5cce9 Merge pull request #11609 from snitin315/export-types
• 37c495c export type RuleSetUseItem
• 39faf34 export type RuleSetUse
• e5fd246 export type RuleSetConditionAbsolute
• 660baad export RuleSetCondition types
• 13e3ca5 Merge pull request #11602 from webpack/bugfix/shared-runtime-chunk
• 9c0587e Merge pull request #11606 from webpack/dependabot/npm_and_yarn/simple-git-2.21.0
• 502d166 Merge pull request #11607 from webpack/dependabot/npm_and_yarn/acorn-8.0.4

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution