[Snyk] Fix for 1 vulnerabilities

[lili2311]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • lib/core/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 76 commits.

• 1351e3a chore(release): 5.0.0
• 747d62b feat: allow named exports to have underscores in names (API V2 storybookjs/storybook#1209)
• 7bfe85d chore(deps): update (How to access getStoryBook in Node? (Storybook 3.0.1) storybookjs/storybook#1208)
• b5c9379 feat: postcss@8 (Update marksy dependecy due broken 1.1.0 version storybookjs/storybook#1204)
• 92fe103 docs: context is localIdentContext in README (Added a vanilla React Native example app. storybookjs/storybook#1202)
• e5a9272 chore(deps): update (build-storybook (v3) doesn't work anymore storybookjs/storybook#1203)
• 63b41be refactor: emoji deprecate
• 9f974be feat: reduce runtime
• d779eb1 feat: escape getLocalIdent by default (README images are broken on npm storybookjs/storybook#1196)
• dd52931 feat: hide warning on no plugins (Fixed typo in getstorybook project type detection storybookjs/storybook#1195)
• 52412f6 feat: improve error message
• 0f95841 feat: add fallback if custom getLocalIdent returns null (CLI support for next.js storybookjs/storybook#1193)
• 2f1573f feat: auto enable icss modules
• df111b8 test: import with file protocol
• cfe669f refactor: remove icss option (Fixed typo in react-native browser instructions storybookjs/storybook#1189)
• 57eb505 chore(release): 4.3.0
• 3ddcc7b chore(deps): update deps (Knobs Addon: support JavaScript objects (rather than JSON) storybookjs/storybook#1186)
• 88b8ddc fix: line breaks in `url` function
• 8b865fe test: source map (update slow-start docs to use storybook 3.0 storybookjs/storybook#1180)
• ec58a7c feat: the `importLoaders` can be `string` (Feature: Grouping like components with sidebar sections storybookjs/storybook#1178)
• df490c7 test: sass-loader next (Search on documentation storybookjs/storybook#1177)
• 26a3062 chore(release): 4.2.2
• e42f046 refactor: improve sources handling in source maps (ADD https import & remove tracking code remains storybookjs/storybook#1176)
• 4ce556a docs: fix type (Fix(react-native) add missing ws dependency storybookjs/storybook#1174)

See the full diff

Package name: postcss-flexbugs-fixes

The new version differs by 2 commits.

• ff3e5a2 Port to PostCSS 8 API. ([Snyk-dev] Fix for 1 vulnerabilities #71)
• 5eb09c7 fix calc regex ([Snyk-dev] Security upgrade react-scripts from 0.9.5 to 1.0.0 #69)

See the full diff

Package name: postcss-loader

The new version differs by 39 commits.

• 792e217 chore(release): 4.0.0
• 598f36d docs: improve readme
• cad6f07 fix: avoid mutations of options and config ([Snyk-dev] Fix for 3 vulnerabilities #470)
• 77449e1 test: union ([Snyk-dev] Fix for 6 vulnerabilities #469)
• 9b75888 feat: reuse AST from other loaders ([Snyk-dev] Fix for 3 vulnerabilities #468)
• 5e4a77b fix: resolve `from` and `to` from config and options ([Snyk-dev] Security upgrade @storybook/theming from 5.3.0-alpha.22 to 6.5.0 #467)
• 225b2e5 refactor: do not validate `postcss` options ([Snyk-dev] Fix for 3 vulnerabilities #466)
• 3d32c35 fix: `default` export for plugins ([Snyk-dev] Fix for 3 vulnerabilities #465)
• 38ebe08 refactor: `execute` option ([Snyk-dev] Fix for 3 vulnerabilities #464)
• d0ea725 refactor: config loading
• 108d871 test: more
• b4d3bcc chore: remove unnecessary dev deps ([Snyk-dev] Fix for 3 vulnerabilities #460)
• 475278c chore: move `postcss` to `peerDependencies` ([Snyk-dev] Security upgrade @storybook/components from 5.3.0-alpha.22 to 6.5.10 #459)
• 98441ff fix: respect the `map` option and source maps ([Snyk-dev] Security upgrade @storybook/core from 5.3.0-alpha.22 to 6.2.0 #458)
• ba88040 refactor: do not pass meta from other loaders ([Snyk-dev] Security upgrade @storybook/components from 5.3.0-alpha.22 to 6.5.10 #457)
• 25a16a0 refactor: source map code
• 677c2fe refactor: removed `inline` value for the `sourceMap` option ([Snyk-dev] Security upgrade @storybook/cli from 5.3.0-alpha.22 to 6.0.0 #454)
• d8d84f7 refactor: code ([Snyk-dev] Security upgrade @storybook/core from 5.3.0-alpha.22 to 6.2.0 #453)
• 3cd85df refactor: code
• 6eb44ed refactor: code
• 53da71a refactor: sourcemap paths
• d7bc470 feat: array syntax for plugins
• 2cd7614 refactor: code ([Snyk-dev] Security upgrade @storybook/core from 5.3.0-alpha.22 to 6.2.0 #451)
• 60e4f12 docs: addDependency ([Snyk-dev] Security upgrade @storybook/core from 5.3.0-alpha.22 to 6.2.0 #448)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

[lili2311]

✅ This PR has been automatically closed

The security issues addressed by this pull request are no longer present in the latest project scan. All vulnerabilities this PR was created to fix have been resolved through other means (e.g., dependency updates, direct fixes, or changes in vulnerability data).

Resolved Issues

• SNYK-JS-POSTCSS-5926692

What should I do?

No action is required. If you believe this PR was closed in error, you can reopen it and contact Snyk support.

---

This action was performed automatically by Snyk.