Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency css-loader to v6 - autoclosed #1435

Closed

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Jun 2, 2022

This PR contains the following updates:

Package Type Update Change
css-loader dependencies major ^5.2.7 -> ^6.0.0

By merging this PR, the issue #1430 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Critical Critical 9.8 CVE-2022-37601
High High 7.5 CVE-2022-25883
High High 7.5 CVE-2022-37599
High High 7.5 CVE-2022-37603
Medium Medium 5.5 CVE-2021-23566
Medium Medium 5.3 CVE-2023-44270

Release Notes

webpack-contrib/css-loader (css-loader)

v6.9.0

Compare Source

Features
Bug Fixes
6.8.1 (2023-05-28)
Bug Fixes

v6.8.1

Compare Source

v6.8.0

Compare Source

Features
  • use template literal when it possible to prevent Maximum call stack size exceeded (#​1525) (6eb5661)
Bug Fixes
6.7.4 (2023-05-19)
Bug Fixes
6.7.3 (2022-12-14)
Bug Fixes
6.7.2 (2022-11-13)
Bug Fixes
6.7.1 (2022-03-08)
Bug Fixes

v6.7.4

Compare Source

v6.7.3

Compare Source

v6.7.2

Compare Source

v6.7.1

Compare Source

v6.7.0

Compare Source

Features

v6.6.0

Compare Source

Features
  • added the hashStrategy option (ca4abce)
6.5.1 (2021-11-03)
Bug Fixes

v6.5.1

Compare Source

v6.5.0

Compare Source

Features
  • support absolute URL in url() when experiments.buildHttp enabled (#​1389) (8946be4)
Bug Fixes
  • respect nosources in the devtool option (c60eff2)

v6.4.0

Compare Source

Features
  • generate more collision resistant for locals (c7db752)
Bug Fixes
  • classes generation for client and server bundling (303a3a1)

v6.3.0

Compare Source

Features
  • added [folder] placeholder (a0dee4f)
  • added the exportType option with 'array', 'string' and 'css-style-sheet' values (c6d2066)
    • 'array' - the default export is Array with API for style-loader and other
    • 'string' - the default export is String you don't need to-string-loader loader anymore
    • 'css-style-sheet' - the default export is a constructable stylesheet, you can use import sheet from './styles.css' assert { type: 'css' }; like in a browser, more information you can find here
  • supported supports() and layer() functions in @import at-rules (#​1377) (bce2c17)
  • fix multiple merging multiple @media at-rules (#​1377) (bce2c17)
Bug Fixes

v6.2.0

Compare Source

Features
  • allow the exportLocalsConvention option can be a function, useful for named export (#​1351) (3c4b357)

v6.1.0

Compare Source

Features
Bug Fixes

v6.0.0

Compare Source

Notes
  • using ~ is deprecated when the esModule option is enabled (enabled by default) and can be removed from your code (we recommend it) (url(~package/image.png) -> url(package/image.png), @import url(~package/style.css) -> @import url(package/style.css), composes: import from '~package/one.css'; -> composes: import from 'package/one.css';), but we still support it for historical reasons. Why can you remove it? The loader will first try to resolve @import/url()/etc as relative, if it cannot be resolved, the loader will try to resolve @import/url()/etc inside node_modules or modules directories.
  • file-loader and url-loader are deprecated, please migrate on asset modules, since v6 css-loader is generating new URL(...) syntax, it enables by default built-in assets modules, i.e. type: 'asset' for all url()
⚠ BREAKING CHANGES
  • minimum supported Node.js version is 12.13.0
  • minimum supported webpack version is 5, we recommend to update to the latest version for better performance
  • for url and import options Function type was removed in favor Object type with the filter property, i.e. before { url: () => true }, now { url: { filter: () => true } } and before { import: () => true }, now { import: { filter: () => true } }
  • the modules.compileType option was removed in favor the modules.mode option with icss value, also the modules option can have icss string value
  • new URL() syntax used for url(), only when the esModule option is enabled (enabled by default), it means you can bundle CSS for libraries
  • data URI are handling in url(), it means you can register loaders for them, example
  • aliases with false value for url() now generate empty data URI (i.e. data:0,), only when the esModule option is enabled (enabled by default)
  • [ext] placeholder don't need . (dot) before for the localIdentName option, i.e. please change .[ext] on [ext] (no dot before)
  • [folder] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • [emoji] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • the localIdentHashPrefix was removed in favor the localIdentHashSalt option
Features
  • supported resolve.byDependency.css resolve options for @import
  • supported resolve.byDependency.icss resolve CSS modules and ICSS imports (i.e. composes/etc)
  • added modules.localIdentHashFunction, modules.localIdentHashDigest, modules.localIdentHashDigestLength options for better class hashing controlling
  • less dependencies
Bug Fixes
  • better performance
  • fixed circular @import
Notes
  • we strongly recommend not to add .css to resolve.extensions, it reduces performance and in most cases it is simply not necessary, alternative you can set resolve options by dependency
5.2.7 (2021-07-13)
Bug Fixes
  • fix crash when source map is unavailable with external URL in [@import](https://togithub.com/import) (bb76fe4)
5.2.6 (2021-05-24)
Bug Fixes
  • always write locals export when css modules/icss enabled (#​1315) (075d9bd)
5.2.5 (2021-05-20)
Bug Fixes
5.2.4 (2021-04-19)
Bug Fixes
5.2.3 (2021-04-19)
Bug Fixes
  • improve performance
5.2.2 (2021-04-16)
Bug Fixes
  • avoid escape nonASCII characters in local names (0722733)
5.2.1 (2021-04-09)
Bug Fixes

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Jun 2, 2022
@mend-for-github-com mend-for-github-com bot changed the title Update dependency css-loader to v6 chore(deps): update dependency css-loader to v6 Sep 29, 2022
@mend-for-github-com mend-for-github-com bot changed the title chore(deps): update dependency css-loader to v6 Update dependency css-loader to v6 Oct 24, 2022
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-6.x branch 2 times, most recently from d05f42a to e8185da Compare December 2, 2022 06:58
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-6.x branch from e8185da to 0771d1d Compare December 9, 2022 06:16
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-6.x branch from 0771d1d to 9c9849d Compare December 27, 2022 06:26
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-6.x branch from 9c9849d to 194a95e Compare February 23, 2023 04:29
@mend-for-github-com mend-for-github-com bot changed the title Update dependency css-loader to v6 Update dependency css-loader to v6 - autoclosed Apr 29, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/css-loader-6.x branch April 29, 2024 18:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants