[Snyk] Fix for 3 vulnerabilities

[sb-benohe]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-DSET-2330881	Yes	Proof of Concept
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	No	No Known Exploit
	736/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.3	Sandbox Bypass SNYK-JS-WEBPACK-3358798	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: postcss

The new version differs by 250 commits.

• 90208de Release 8.4.31 version
• 58cc860 Fix carrier return parsing
• 4fff8e4 Improve pnpm test output
• cd43ed1 Update dependencies
• caa916b Update dependencies
• 8972f76 Typo
• 11a5286 Typo
• 45c5501 Release 8.4.30 version
• bc3c341 Update linter
• b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--philosophical-spiny-dogfish-3eb029c1c8
• 6a291d6 apply suggestions from code review
• efa442c Update lib/map-generator.js
• de33cf6 improve sourcemap performance
• 1c6ad25 Highlight banner with lines
• e10d5c0 More more detailed text below
• 3ff5f5f Rephrase into
• 272aae4 Remove old banner
• 632e876 Update CI actions
• cfa6cf4 Change EM banner
• fee5448 Release 8.4.29 version
• 3360c39 Update dependencies
• ade4145 Merge pull request #1879 from idoros/ido/fix-location-offset
• 9a7077b fix: node end offset
• ce9f6b3 Merge pull request #1875 from coliff/patch-1

See the full diff

Package name: twin.macro

The new version differs by 241 commits.

• 7a309e1 3.0.0
• ac9401b Lint fixes
• 9211179 Package updates
• 659d78b Make shortcss notice show original className
• 83bfc38 Tweak sassyPseudo check
• 3031a63 Fix parent selector on last variant
• 85a0620 Improve auto parent selector on last variant
• fce60bb Merge pull request #749 from ajmnz/theme-default-fix
• 9b08c07 Add support for container queries
• 11ee3a3 allow omitting DEFAULT when using theme
• d55deb9 Add className suggestions for new nested group/peer classes
• aa7f7b0 Update tailwindcss + daisyui deps + add tests
• 2776bca Adjust variant ordering
• f2d5f9f Further improve the auto parent selector
• 404ed35 Add tests for extra dividers
• 090b54e Add extra class divider validation
• b8510db Strip tab escape characters
• 29d55f8 Improve auto variant parent selector
• a40f87d Cover !bg-clip-text
• 946bd52 Add webkit prefix for background-clip: text
• 091b5ff Show suggestion for not-prose when used as class
• 80211db 3.0.0-rc.5
• 83ab7a2 Merge pull request #743 from ben-rogerson/feature/test-upgrades
• a364268 Add jest tests for arbitrary items, config, animation

See the full diff

Package name: webpack

The new version differs by 236 commits.

• 5d64468 Merge pull request #16792 from webpack/update-version
• 67af5ec chore(release): 5.76.0
• 97b1718 Merge pull request #16781 from askoufis/loader-context-target-type
• b84efe6 Merge pull request #16759 from ryanwilsonperkin/real-content-hash-regex-perf
• c98e9e0 Merge pull request #16493 from piwysocki/patch-1
• 5f34acf feat: Add `target` to `LoaderContext` type
• b7fc4d8 Merge pull request #16703 from ryanwilsonperkin/ryanwilsonperkin/fix-16160
• 63ea82d Merge branch 'webpack:main' into patch-1
• 4ba2252 Merge pull request #16446 from akhilgkrishnan/patch-1
• 1acd635 Merge pull request #16613 from jakebailey/ts-logo
• 302eb37 Merge pull request #16614 from jakebailey/html5-logo
• cfdb1df Improve performance of hashRegExp lookup
• 4d561a6 Add test for behaviour of filesystem-cached assets with loaders
• dfaa3b4 lint: remove trailing comma
• dcc3e71 Serialize code generator data to support generated assets
• b67626c Merge pull request #16491 from lvivski/main
• d957cdf Fix formatting
• 6011163 Fix formatting
• ea5e864 Fix HTML5 logo in README
• 2112f9b Replace TypeScript logo in README
• 5513dd6 Merge branch 'webpack:main' into patch-1
• 4b4ca3b Merge pull request #16500 from Jack-Works/avoid-cross-realm-object
• 4f39c9f fix: type error
• c922ee1 chore: revert breaking change

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Improper Input Validation