[Snyk] Fix for 1 vulnerabilities

[isp1r0]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • ui/package.json
  • ui/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 102 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (devspace is replacing container environment variables in unpleasant way devspace-sh/devspace#1209)
• 7bfe85d chore(deps): update (Updated caching explanation devspace-sh/devspace#1208)
• b5c9379 feat: postcss@8 (docker cache invalidated when using --cache-from args devspace-sh/devspace#1204)
• 92fe103 docs: context is localIdentContext in README (multiple profile parents & profile sources devspace-sh/devspace#1202)
• e5a9272 chore(deps): update (Can't use wildcard in manifest path devspace-sh/devspace#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (refactor: remove helm dependency & use cli instead devspace-sh/devspace#1196)
• dd52931 feat: hide warning on no plugins (fix(ui): fxies an issue where the ui would display 404 devspace-sh/devspace#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (Extend devspace open command to allow access to any container devspace-sh/devspace#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (fix: fixes an issue with large files in remote port forwarding devspace-sh/devspace#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (initialCompareBy, devspace restart & --print-sync devspace-sh/devspace#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (fix: fixes an issue with upgrade messages & klog messages devspace-sh/devspace#1180)
• ec58a7c feat: the `importLoaders` can be `string` (forward statefulset pod is bad dns?? devspace-sh/devspace#1178)
• df490c7 test: sass-loader next (devspace sync uploads unmodified files devspace-sh/devspace#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (Using onUpload post-sync commands does not work as expected devspace-sh/devspace#1176)
• 4ce556a docs: fix type (build(deps): bump node-fetch from 2.6.0 to 2.6.1 in /ui devspace-sh/devspace#1174)

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 9 commits.

• ff3e5a2 Port to PostCSS 8 API. ([Snyk] Security upgrade golang from 1.10.1 to 1.18beta1 #71)
• 5eb09c7 fix calc regex ([Snyk] Security upgrade golang from 1.10.1 to 1.17.5 #69)
• 85f7d29 remove indent rules
• 8a0cc84 Release 4.2.0
• f4886dc upgrade packages + prettier
• 04e66ac fix: don't mess with values that reference custom props ([Snyk] Security upgrade golang from 1.10.1 to 1 #64)
• c51f4e7 Bump mixin-deep from 1.3.1 to 1.3.2 ([Snyk] Security upgrade golang from 1.13.0-alpine to 1.16.11-alpine #60)
• fa13fa0 Bump js-yaml from 3.12.0 to 3.13.1 ([Snyk] Security upgrade php from 7.1-apache-stretch to 7.3.29-apache-stretch #61)
• 629e11d Bump extend from 3.0.1 to 3.0.2 ([Snyk] Security upgrade php from 7.1-apache-stretch to 7.3.29-apache-stretch #62)

See the full diff

Package name: postcss-loader

The new version differs by 39 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config ([Snyk] Security upgrade golang from 1.13.0-alpine to 1.19.10-alpine #470)
• 77449e1 test: union ([Snyk] Security upgrade golang from 1.13.0-alpine to 1.19.10-alpine #469)
• 9b75888 feat: reuse AST from other loaders ([Snyk] Security upgrade golang from 1.13.0-alpine to 1.19.10-alpine #468)
• 5e4a77b fix: resolve `from` and `to` from config and options ([Snyk] Security upgrade golang from 1.13-alpine to 1.19.10-alpine #467)
• 225b2e5 refactor: do not validate `postcss` options ([Snyk] Security upgrade golang from 1.13.0-alpine to 1.19.10-alpine #466)
• 3d32c35 fix: `default` export for plugins ([Snyk] Security upgrade nodemon from 1.18.11 to 3.0.0 #465)
• 38ebe08 refactor: `execute` option ([Snyk] Security upgrade golang from 1.10.1 to 1.21rc2 #464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps ([Snyk] Security upgrade nodemon from 1.18.11 to 2.0.17 #460)
• 475278c chore: move `postcss` to `peerDependencies` ([Snyk] Security upgrade nodemon from 1.19.4 to 2.0.17 #459)
• 98441ff fix: respect the `map` option and source maps ([Snyk] Security upgrade alpine from 3.11.6 to 3.16 #458)
• ba88040 refactor: do not pass meta from other loaders ([Snyk] Security upgrade golang from 1.13-alpine to 1.19.8-alpine #457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option ([Snyk] Security upgrade golang from 1.10.1 to 1.20 #454)
• d8d84f7 refactor: code ([Snyk] Security upgrade @docusaurus/core from 2.0.0-alpha.50 to 2.0.0 #453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code ([Snyk] Security upgrade golang from 1.10.1 to 1.19.8 #451)
• 60e4f12 docs: addDependency ([Snyk] Security upgrade golang from 1.13.0-alpine to 1.19.8-alpine #448)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation