[Snyk] Fix for 1 vulnerabilities

[GerHobbelt]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-mqpacker

The new version differs by 51 commits.

• a8a67a5 7.0.0
• 78bc71d Update dependencies
• 93ef2ef Merge pull request Sass not saving css file? iamvdo/pleeease#63 from jiaming10/fix-spelling
• ff9727e Fix spelling
• 4d8b710 Remove engines field
• 8cb3a32 Cover with istanbul
• 2d31024 Merge pull request Upgrade to node-sass 3.3.x iamvdo/pleeease#59 from subtronic/patch-1
• 8560f9a Update README.md
• 2e73471 Lint
• 686f27c 6.0.2
• 6ff963e Update dependencies
• 9c4a9d5 Pretty
• 2e4e4b5 Merge pull request fix the version of pixrem to 1.3.1 because 1.3.2 causes broken pleeease iamvdo/pleeease#58 from hail2u/sort_zero
• 3b2cbf7 Treat 0 as correct CSS length
• bb449f0 Update dependencies
• 516b5aa Merge pull request Remove pleeease.NEXT ? iamvdo/pleeease#52 from hail2u/nested-media
• 1fc4ffd Test 3 level nesting
• 5f6fe56 Support nested queries
• 8a4b488 Version 6.0.1
• d811f26 Merge pull request Adding an option to not exit the watcher when there is an error iamvdo/pleeease#51 from hail2u/issue50
• 47a3b2c Process only direct child of root
• 7b11b59 Version 6.0.0
• 2e67b98 Don’t use deprecated method
• 5acecc9 Update dependencies

See the full diff

Package name: csswring

The new version differs by 65 commits.

• 4f6467b 7.0.0
• 2c31869 Update dependencies
• 8352556 Remove engines field
• aa4029e Cover with istanbul
• 7c98acc Lint
• ffe9b81 6.0.3
• b9c6429 Update dependencies
• 9021283 Merge pull request Compilation fails with sass indented syntax  iamvdo/pleeease#90 from hail2u/issue89
• f9654a3 Preserve `min-width:0%` as it is
• abe0388 Prettify
• ce8b9c3 6.0.2
• 4c32163 Merge pull request compiling issues with comments iamvdo/pleeease#88 from hail2u/issue87
• 27e72ab Remove white spaces between quote and flag
• 172805b Support in-casesensitivity flag in attr selector
• faba5ed Version 6.0.1
• c2a91a1 Merge pull request Package has vulnerable dependencies iamvdo/pleeease#86 from hail2u/issue85
• e656fba Don’t remove unit of 0 from custom property value
• 569b3a9 Update dependencies
• 58015df Use noun form
• 923eed7 Version 6.0.0
• 0c9870c Update dependencies
• 1d0957e Update dependencies
• 7ffa643 Lint
• 6e1f791 Use Object#assign() for merging objects

See the full diff

Package name: node-sass

The new version differs by 250 commits.

• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (#3149)
• e80d4af chore: Drop EOL Node 15 (#3122)
• d753397 feat: Add Node 17 support (#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
• bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
• 80d6c00 chore: Windows x86 on GitHub Actions (#3041)
• 566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (#3102)
• 7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 (#3156)
• 2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (#3161)
• fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
• 6200b21 docs: Double word "support" (#3159)
• eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
• 16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
• c167004 6.0.1
• 911d4db remove mkdirp dep (#3108)
• 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
• 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
• cfcbb2c chore: Use default Apline version from docker-node (#3121)
• 886319b chore: Drop Node 10 support
• c908f4f fix: Bump OSX minimum to 10.11

See the full diff

Package name: pixrem

The new version differs by 9 commits.

• 80581f4 Bump major version to drop node 4 support
• e72db33 Merge pull request Watcher taking 150% cpu - fans heating up iamvdo/pleeease#65 from ai/dependencies
• acfa952 Update Node.js versions
• 6cdca78 Update dependencies
• 5ac0e16 Merge pull request Pleeease stopped working since few days iamvdo/pleeease#47 from sebdeckers/patch-1
• 465958b 4.0.1
• b759c20 4.0.0
• d317b0a Bump to PostCSS v6 & Browserslist v2 (fix Don't watch the root folder with Chokidar in pleeease-watch iamvdo/pleeease#61 Fix broken output when pleeease-cli gives pleeease.parse AST data iamvdo/pleeease#62)
• 9ac0d6c Correct SPDX identifier

See the full diff

Package name: postcss-import

The new version differs by 225 commits.

• aae7db3 12.0.0
• d9bc09f Update eslint-config-i-am-meticulous to version 11.0.0 (#371)
• 3868ce2 Update postcss-scss to version 2.0.0 (#370)
• 1c40a5f Update prettier to version 1.14.0 (#373)
• 8c8c7ec Update eslint to version 5.0.0 (#364)
• 92e38d7 Drop Node 4 from AppVeyor
• 9cd2953 Use PostCSS 7 & drop support for Node.js 4 (#372)
• 84d35e2 Update prettier to version 1.13.5 (#363)
• 7127b77 Update eslint-config-i-am-meticulous to version 10.0.0 (#362)
• fcc31b1 Update npmpub to version 4.0.0 (#360)
• c62200b Update eslint-config-i-am-meticulous to version 9.0.0 (#361)
• 3d9dc49 Update prettier to version 1.13.0 (#357)
• f72bdc2 Update prettier to version 1.12.1 (#353)
• 64ffaa2 Update prettier to version 1.12.0 (#352)
• af2747d Update prettier to version 1.11.0 (#346)
• a941757 11.1.0
• 5a99783 Add Filter Parameter (#327)
• 7c863ea Update eslint-config-i-am-meticulous to version 8.0.0 (#344)
• 78c0832 Update ava to version 0.25.0 (#343)
• 2949578 Silence postcss warnings in tests
• d5e0f10 Update .gitignore
• 7ab52b7 Add tests for importing sub-files/directories from npm packages (#337)
• df611c2 Update eslint to version 4.16.0 (#336)
• b53e7f5 Update prettier to version 1.10.2 (#333)

See the full diff

Package name: postcss-url

The new version differs by 67 commits.

• 1a7496e 8.0.0
• dcfef47 eslint fixes
• 4830527 8.0.0 changlelog
• 4810601 added package-lock.json
• 0e361d5 updated mime package
• c6deff4 fix changelog
• 05be637 Merge pull request #126 from realityking/postcss7
• 1b5c06e Update postcss to version 7
• 88fc678 Update some dev dependencies
• 607e448 Support Node.js 10
• de03b85 Require Node.js 6
• ea84a94 7.3.2
• de6f6e2 Merge pull request #119 from kisenka/skip-urls-with-tilde
• 00ceb36 chore: skip URLs started with tilde
• eeaccb7 chore: eslint fix
• bec2b0c feat: skip URLs with tilde
• 251a2c8 7.3.1
• c92a076 doc fixes
• d559b4f Merge pull request #117 from just4uwei/master
• 271f917 fixbug
• 343294c fix changelog
• 953ba4b 7.3.0
• 1d4e78e Merge pull request #114 from digitalkaoz/patch-1
• e557044 prepend original filename in hashed filename

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.