Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade css-loader from 3.6.0 to 6.7.1 #99

Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade css-loader from 3.6.0 to 6.7.1 #99

wants to merge 1 commit into from

Conversation

cssecautomation
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade css-loader from 3.6.0 to 6.7.1.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Warning: This is a major version upgrade, and may be a breaking change.

  • The recommended version is 33 versions ahead of your current version.
  • The recommended version was released 8 months ago, on 2022-03-08.
Release notes
Package name: css-loader
  • 6.7.1 - 2022-03-08

    6.7.1 (2022-03-08)

    Bug Fixes

  • 6.7.0 - 2022-03-04

    6.7.0 (2022-03-04)

    Features

  • 6.6.0 - 2022-02-02

    6.6.0 (2022-02-02)

    Features

    • added the hashStrategy option (ca4abce)
  • 6.5.1 - 2021-11-03

    6.5.1 (2021-11-03)

    Bug Fixes

    • regression with unicode characters in locals (b7a8441)
    • runtime path generation (#1393) (feafea8)
  • 6.5.0 - 2021-10-26

    6.5.0 (2021-10-26)

    Features

    • support absolute URL in url() when experiments.buildHttp enabled (#1389) (8946be4)

    Bug Fixes

    • respect nosources in the devtool option (c60eff2)
  • 6.4.0 - 2021-10-09

    6.4.0 (2021-10-09)

    Features

    • generate more collision resistant for locals (c7db752)

    Bug Fixes

    • classes generation for client and server bundling (303a3a1)
  • 6.3.0 - 2021-09-18

    6.3.0 (2021-09-18)

    Features

    • added [folder] placeholder (a0dee4f)
    • added the exportType option with 'array', 'string' and 'css-style-sheet' values (c6d2066)
      • 'array' - the default export is Array with API for style-loader and other
      • 'string' - the default export is String you don't need to-string-loader loader anymore
      • 'css-style-sheet' - the default export is a constructable stylesheet, you can use import sheet from './styles.css' assert { type: 'css' }; like in a browser, more information you can find here
    • supported supports() and layer() functions in @ import at-rules (#1377) (bce2c17)
    • fix multiple merging multiple @ media at-rules (#1377) (bce2c17)

    Bug Fixes

  • 6.2.0 - 2021-07-19

    6.2.0 (2021-07-19)

    Features

    • allow the exportLocalsConvention option can be a function useful for named export (#1351) (3c4b357)
  • 6.1.0 - 2021-07-17

    6.1.0 (2021-07-17)

    Features

    Bug Fixes

  • 6.0.0 - 2021-07-15

    6.0.0 (2021-07-14)

    Notes

    • using ~ is deprecated when the esModules option is enabled (enabled by default) and can be removed from your code (we recommend it) (url(~package/image.png) -> url(package/image.png), @ import url(~package/style.css) -> @ import url(package/style.css), composes: import from '~package/one.css'; -> composes: import from 'package/one.css';), but we still support it for historical reasons. Why can you remove it? The loader will first try to resolve @ import/url()/etc as relative, if it cannot be resolved, the loader will try to resolve @ import/url()/etc inside node_modules or modules directories.
    • file-loader and url-loader are deprecated, please migrate on asset modules, since v6 css-loader is generating new URL(...) syntax, it enables by default built-in assets modules, i.e. type: 'asset' for all url()

    ⚠ BREAKING CHANGES

    • minimum supported Node.js version is 12.13.0
    • minimum supported webpack version is 5, we recommend to update to the latest version for better performance
    • for url and import options Function type was removed in favor Object type with the filter property, i.e. before { url: () => true }, now { url: { filter: () => true } } and before { import: () => true }, now { import: { filter: () => true } }
    • the modules.compileType option was removed in favor the modules.mode option with icss value, also the modules option can have icss string value
    • new URL() syntax used for url(), only when the esModules option is enabled (enabled by default), it means you can bundle CSS for libraries
    • data URI are handling in url(), it means you can register loaders for them, example
    • aliases with false value for url() now generate empty data URI (i.e. data:0,), only when the esModules option is enabled (enabled by default)
    • [ext] placeholder don't need . (dot) before for the localIdentName option, i.e. please change .[ext] on [ext] (no dot before)
    • [folder] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
    • [emoji] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
    • the localIdentHashPrefix was removed in favor the localIdentHashSalt option

    Features

    • supported resolve.byDependency.css resolve options for @ import
    • supported resolve.byDependency.icss resolve CSS modules and ICSS imports (i.e. composes/etc)
    • added modules.localIdentHashFunction, modules.localIdentHashDigest, modules.localIdentHashDigestLength options for better class hashing controlling
    • less dependencies

    Bug Fixes

    • better performance
    • fixed circular @ import
  • 5.2.7 - 2021-07-13
  • 5.2.6 - 2021-05-24
  • 5.2.5 - 2021-05-20
  • 5.2.4 - 2021-04-19
  • 5.2.3 - 2021-04-19
  • 5.2.2 - 2021-04-16
  • 5.2.1 - 2021-04-09
  • 5.2.0 - 2021-03-24
  • 5.1.4 - 2021-03-24
  • 5.1.3 - 2021-03-15
  • 5.1.2 - 2021-03-10
  • 5.1.1 - 2021-03-01
  • 5.1.0 - 2021-02-25
  • 5.0.2 - 2021-02-08
  • 5.0.1 - 2020-11-04
  • 5.0.0 - 2020-10-13
  • 4.3.0 - 2020-09-08
  • 4.2.2 - 2020-08-24
  • 4.2.1 - 2020-08-06
  • 4.2.0 - 2020-07-31
  • 4.1.1 - 2020-07-30
  • 4.1.0 - 2020-07-29
  • 4.0.0 - 2020-07-25
  • 3.6.0 - 2020-06-13
from css-loader GitHub release notes
Commit messages
Package name: css-loader
  • 830fe2c chore(release): 6.7.1
  • 74dac1e fix: defaultGetLocalIdent export (#1427)
  • 84b552a chore(release): 6.7.0
  • 207cf36 feat: re-export defaultGetLocalIdent (#1423)
  • f0e20e6 chore: upgrade dependencies to the latest version (#1425)
  • 4dede55 docs(readme): added types (#1418)
  • e16ba4d chore(deps): bump nanoid from 3.1.30 to 3.2.0 (#1412)
  • 76ad29f docs: add yarn and pnpm installation commands (#1417)
  • 67bb937 chore: upgrade dependencies to the latest version (#1416)
  • 5d6be09 chore(release): v6.6.0
  • ca4abce feat: added the `hashStrategy` option
  • 3240394 ci: fix (#1413)
  • c78fe78 ci: remove install NPM steps (#1411)
  • cbe3898 docs: reword sentence (#1407)
  • 5167ce9 chore: update lint staged config (#1405)
  • 8ffd14e chore: update dependencies to the latest version (#1404)
  • db4d652 chore: update node version (#1403)
  • 0df1ae9 fix: expand lint-staged, use eslint cache (#1399)
  • 5eb7b80 test: fix (#1400)
  • e857d71 chore(release): 6.5.1
  • b7a8441 fix: regression with unicode characters in locals
  • 52715ee ci: test on Node.js v17 (#1394)
  • feafea8 fix: runtime path generation (#1393)
  • 61fcc4a test: data uri (#1392)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@cssecautomation cssecautomation mentioned this pull request Nov 5, 2022
Closed
@snyk-bot snyk-bot mentioned this pull request Dec 26, 2022
Closed
@joaompneves joaompneves closed this Mar 2, 2023
@joaompneves joaompneves deleted the snyk-upgrade-026b1e0122548a4bce7b83211014684f branch March 2, 2023 16:57
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cssecautomation @joaompneves @snyk-bot