Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency css-loader to v6 #309

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Jul 1, 2024

This PR contains the following updates:

Package Type Update Change
css-loader devDependencies major ^1.0.0 -> ^6.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 5.3 CVE-2021-23382 #78
Medium 5.3 CVE-2021-23382 #78
Medium 5.3 CVE-2023-44270 #308
Medium 5.3 CVE-2023-44270 #308

Release Notes

webpack-contrib/css-loader (css-loader)

v6.9.0

Compare Source

Features
Bug Fixes
6.8.1 (2023-05-28)
Bug Fixes

v6.8.1

Compare Source

v6.8.0

Compare Source

Features
  • use template literal when it possible to prevent Maximum call stack size exceeded (#​1525) (6eb5661)
Bug Fixes
6.7.4 (2023-05-19)
Bug Fixes
6.7.3 (2022-12-14)
Bug Fixes
6.7.2 (2022-11-13)
Bug Fixes
6.7.1 (2022-03-08)
Bug Fixes

v6.7.4

Compare Source

v6.7.3

Compare Source

v6.7.2

Compare Source

v6.7.1

Compare Source

v6.7.0

Compare Source

Features

v6.6.0

Compare Source

Features
  • added the hashStrategy option (ca4abce)
6.5.1 (2021-11-03)
Bug Fixes

v6.5.1

Compare Source

v6.5.0

Compare Source

Features
  • support absolute URL in url() when experiments.buildHttp enabled (#​1389) (8946be4)
Bug Fixes
  • respect nosources in the devtool option (c60eff2)

v6.4.0

Compare Source

Features
  • generate more collision resistant for locals (c7db752)
Bug Fixes
  • classes generation for client and server bundling (303a3a1)

v6.3.0

Compare Source

Features
  • added [folder] placeholder (a0dee4f)
  • added the exportType option with 'array', 'string' and 'css-style-sheet' values (c6d2066)
    • 'array' - the default export is Array with API for style-loader and other
    • 'string' - the default export is String you don't need to-string-loader loader anymore
    • 'css-style-sheet' - the default export is a constructable stylesheet, you can use import sheet from './styles.css' assert { type: 'css' }; like in a browser, more information you can find here
  • supported supports() and layer() functions in @import at-rules (#​1377) (bce2c17)
  • fix multiple merging multiple @media at-rules (#​1377) (bce2c17)
Bug Fixes

v6.2.0

Compare Source

Features
  • allow the exportLocalsConvention option can be a function, useful for named export (#​1351) (3c4b357)

v6.1.0

Compare Source

Features
Bug Fixes

v6.0.0

Compare Source

Notes
  • using ~ is deprecated when the esModule option is enabled (enabled by default) and can be removed from your code (we recommend it) (url(~package/image.png) -> url(package/image.png), @import url(~package/style.css) -> @import url(package/style.css), composes: import from '~package/one.css'; -> composes: import from 'package/one.css';), but we still support it for historical reasons. Why can you remove it? The loader will first try to resolve @import/url()/etc as relative, if it cannot be resolved, the loader will try to resolve @import/url()/etc inside node_modules or modules directories.
  • file-loader and url-loader are deprecated, please migrate on asset modules, since v6 css-loader is generating new URL(...) syntax, it enables by default built-in assets modules, i.e. type: 'asset' for all url()
⚠ BREAKING CHANGES
  • minimum supported Node.js version is 12.13.0
  • minimum supported webpack version is 5, we recommend to update to the latest version for better performance
  • for url and import options Function type was removed in favor Object type with the filter property, i.e. before { url: () => true }, now { url: { filter: () => true } } and before { import: () => true }, now { import: { filter: () => true } }
  • the modules.compileType option was removed in favor the modules.mode option with icss value, also the modules option can have icss string value
  • new URL() syntax used for url(), only when the esModule option is enabled (enabled by default), it means you can bundle CSS for libraries
  • data URI are handling in url(), it means you can register loaders for them, example
  • aliases with false value for url() now generate empty data URI (i.e. data:0,), only when the esModule option is enabled (enabled by default)
  • [ext] placeholder don't need . (dot) before for the localIdentName option, i.e. please change .[ext] on [ext] (no dot before)
  • [folder] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • [emoji] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • the localIdentHashPrefix was removed in favor the localIdentHashSalt option
Features
  • supported resolve.byDependency.css resolve options for @import
  • supported resolve.byDependency.icss resolve CSS modules and ICSS imports (i.e. composes/etc)
  • added modules.localIdentHashFunction, modules.localIdentHashDigest, modules.localIdentHashDigestLength options for better class hashing controlling
  • less dependencies
Bug Fixes
  • better performance
  • fixed circular @import
Notes
  • we strongly recommend not to add .css to resolve.extensions, it reduces performance and in most cases it is simply not necessary, alternative you can set resolve options by dependency
5.2.7 (2021-07-13)
Bug Fixes
  • fix crash when source map is unavailable with external URL in [@import](https://togithub.com/import) (bb76fe4)
5.2.6 (2021-05-24)
Bug Fixes
  • always write locals export when css modules/icss enabled (#​1315) (075d9bd)
5.2.5 (2021-05-20)
Bug Fixes
5.2.4 (2021-04-19)
Bug Fixes
5.2.3 (2021-04-19)
Bug Fixes
  • improve performance
5.2.2 (2021-04-16)
Bug Fixes
  • avoid escape nonASCII characters in local names (0722733)
5.2.1 (2021-04-09)
Bug Fixes

v5.2.7

Compare Source

v5.2.6

Compare Source

v5.2.5

Compare Source

v5.2.4

Compare Source

v5.2.3

Compare Source

v5.2.2

Compare Source

v5.2.1

Compare Source

v5.2.0

Compare Source

Features
5.1.4 (2021-03-24)
Bug Fixes
5.1.3 (2021-03-15)
Bug Fixes
  • the auto option works using inline module syntax (#​1274) (1db2f4d)
  • ident generation for CSS modules using inline module syntax (#​1274) (1db2f4d)
5.1.2 (2021-03-10)
Bug Fixes
  • handling @import with spaces before and after and any extensions (#​1272) (0c47cf7)
  • inline loader syntax in @import and modules (3f49ed0)
5.1.1 (2021-03-01)
Bug Fixes

v5.1.4

Compare Source

v5.1.3

Compare Source

v5.1.2

Compare Source

v5.1.1

Compare Source

v5.1.0

Compare Source

Features
5.0.2 (2021-02-08)
Bug Fixes
5.0.1 (2020-11-04)
Bug Fixes

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

⚠ BREAKING CHANGES
  • migrate on PostCSS 8
  • runtime doesn't contain source maps code without sourceMap: true
  • returned value from the getLocalIdent escapes by default, the exportName value is always unescaped
  • Auto enable icss modules for all files for which /\.icss\.\w+$/i (the modules.compileType option is icss)
  • [emoji] placeholder was deprecated
  • icss option was removed (it was deprecated previously)
Features

v4.3.0

Compare Source

Features
Bug Fixes
  • line breaks in url function (88b8ddc)
4.2.2 (2020-08-24)
Bug Fixes
  • source maps generation, source from source maps are now relative to compiler.context and use webpack:// protocol (#​1169) (fb5c53d)
4.2.1 (2020-08-06)
Bug Fixes
  • regression with the exportOnlyLocals option, now locals are not exported under the locals name, it was big regression, we apologize for that (24c0a12)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

Features
  • add module.type option, the icss option is deprecated (#​1150) (68f72af)
4.1.1 (2020-07-30)
Bug Fixes

v4.1.1

Compare Source

v4.1.0

Compare Source

Features
Bug Fixes

v4.0.0

Compare Source

⚠ BREAKING CHANGES
  • minimum required Node.js version is 10.13.0
  • minimum required webpack version is 4.27.0
  • the esModule option is true by default
  • default value of the sourceMap option depends on the devtool option
  • icss plugin disable by default, you need to setup the modules option to enable it
  • the modules option is true by default for all files matching /\.module\.\w+$/i.test(filename) regular expression, module.auto is true by default
  • the modules.context option was renamed to the modules.localIdentContext option
  • default the modules.localIdentContext value is compiler.context for the module.getLocalIdent option
  • the modules.hashPrefix option was renamed to the modules.localIdentHashPrefix option
  • the localsConvention option was moved and renamed to the modules.exportLocalsConvention option
  • the getLocalIndent option should be always Function and should always return String value
  • the onlyLocals option was moved and renamed to the modules.exportOnlyLocals option
  • function arguments of the import option were changed, it is now function(url, media, resourcePath) {}
  • inline syntax was changed, please write ~ before the file request, i.e. rewrite url(~!!loader!package/img.png) to url(!!loader!~package/img.png)
  • url() resolving algorithm now handles absolute paths instead of ignoring them. This can break builds which relied on absolute paths to refer to the asset directory. (bc19ddd)
Features
  • @value supports importing url() (#​1126) (7f49a0a)
  • improve url() resolving algorithm to support more path types (bc19ddd)
  • named export for locals (#​1108) (d139ec1)
  • respected the style field from package.json (#​1099) (edf5347)
  • support file: protocol (5604205)
  • support server relative URLs
Bug Fixes
  • resolution algorithm, you don't need ~ inside packages in node_modules (76f1480)

v3.6.0

Compare Source

Features
3.5.3 (2020-04-24)
Bug Fixes
  • add file from an error to file dependencies (841423f)
  • avoid query string in source maps (#​1082) (f64de13)
3.5.2 (2020-04-10)
Bug Fixes
3.5.1 (2020-04-07)
Bug Fixes

v3.5.3

Compare Source

v3.5.2

Compare Source

v3.5.1

Compare Source

v3.5.0

Compare Source

Features
  • accept semver compatible postcss AST (#​1049) (14c4faa)
  • allow to determinate css modules using the modules.auto option, please look at an example of how you can simplify the configuration. (#​1067) (c673cf4)
  • the modules.exportGlobals option for export global classes and ids (#​1069) (519e5f4)
  • the modules.mode option may be a function (#​1065) (0d8ac3b)
3.4.2 (2020-01-10)
Bug Fixes
3.4.1 (2020-01-03)
Bug Fixes
  • do not output undefined when sourceRoot is unavailable (#​1036) (ded2a79)
  • don't output invalid es5 code when locals do not exists (#​1035) (b60e62a)

v3.4.2

Compare Source

v3.4.1

Compare Source

v3.4.0

Compare Source

Features
Bug Fixes
3.3.2 (2019-12-12)
Bug Fixes
  • logic for order and media queries for imports (1fb5134)
3.3.1 (2019-12-12)
Bug Fixes
  • better handling url functions and an url in @import at-rules
  • reduce count of require (#​1014) (e091d27)

v3.3.2

Compare Source

v3.3.1

Compare Source

v3.3.0

Compare Source

Features
Bug Fixes
3.2.1 (2019-12-02)
Bug Fixes
  • add an additional space after the escape sequence (#​998) (0961304)
  • compatibility with ES modules syntax and hash in url function (#​1001) (8f4d6f5)

v3.2.1

Compare Source

v3.2.0

Compare Source

Bug Fixes
  • replace . characters in localIndent to - character (regression) (#​982) (967fb66)
Features

v3.1.0

Compare Source

Bug Fixes
  • converting all (including reserved and control) filesystem characters to - (it was regression in 3.0.0 version) (#​972) (f51859b)
  • default context should be undefined instead of null (#​965) (9c32885)
Features
  • allow modules.getLocalIdent to return a falsy value (#​963) (9c3571c)
  • improved validation error messages (65e4fc0)

v3.0.0

Compare Source

Bug Fixes
  • avoid the "from" argument must be of type string error (#​908) (e5dfd23)
  • invert Function behavior for url and import options (#​939) (e9eb5ad)
  • properly export locals with escaped characters (#​917) (a0efcda)
  • property handle non css characters in localIdentName (#​920) (d3a0a3c)
Features
BREAKING CHANGES
  • minimum required nodejs version is 8.9.0
  • @value at rules now support in selector, recommends checking all @values at-rule usage (hint: you can add prefix to all @value at-rules, for example @value v-foo: black; or @value m-foo: screen and (max-width: 12450px), and then do upgrade)
  • invert {Function} behavior for url and import options (need return true when you want handle url/@import and return false if not)
  • camelCase option was remove in favor localsConvention option, also it is accept only {String} value (use camelCase value if you previously value was true and asIs if you previously value was false)
  • exportOnlyLocals option was remove in favor onlyLocals option
  • modules option now can be {Object} and allow to setup CSS Modules options:
    • localIdentName option was removed in favor modules.localIdentName option
    • context option was remove in favor modules.context option
    • hashPrefix option was removed in favor modules.hashPrefix option
    • getLocalIdent option was removed in favor modules.getLocalIdent option
    • localIdentRegExp option was removed in favor modules.localIdentRegExp option

v2.1.1

Compare Source

Bug Fixes
  • do not break selector with escaping (#​896) (0ba8c66)
  • source map generation when sourceRoot is present (#​901) (e9ce745)
  • sourcemap generating when previous loader pass sourcemap as string (#​905) (3797e4d)

v2.1.0

Compare Source

Features

2.0.2 (2018-12-21)

Bug Fixes
  • inappropriate modification of animation keywords (#​876) (dfb2f8e)

v2.0.2

Compare Source

Bug Fixes
  • inappropriate modification of animation keywords (#​876) (dfb2f8e)

v2.0.1

Compare Source

Bug Fixes

v2.0.0

Compare Source

Bug Fixes
  • broken unucode characters (#​850) (f599c70)
  • correctly processing urls() with ?#hash (#​803) (417d105)
  • don't break loader on invalid or not exists url or import token (#​827) (9e52d26)
  • don't duplicate import with same media in different case (#​819) (9f66e33)
  • emit warnings on broken import at-rules (#​806) (4bdf08b)
  • handle uppercase URL in import at-rules (#​818) (3ebdcd5)
  • inconsistent generate class names for css modules on difference os (#​812) (0bdf9b7)
  • reduce number of require for urls() (#​854) (3338656)
  • support deduplication of string module ids (optimization.namedModules) (#​789) (e3bb83a)
  • support module resolution in composes (#​845) (453248f)
  • same urls() resolving logic for modules (local and global) and without modules (#​843) (fdcf687)
Features
BREAKING CHANGES
  • resolving logic for url() and import at-rules works the same everywhere, it does not matter whether css modules are enabled (with global and local module) or not. Examples - url('image.png') as require('./image.png'), url('./image.png') as require('./image.png'), url('~module/image.png') as require('module/image.png').
  • by default css modules are disabled (now modules: false disable all css modules features), you can return old behaviour change this on modules: 'global'
  • css-loader/locals was dropped in favor exportOnlyLocals option
  • import option only affect on import at-rules and doesn't affect on composes declarations
  • invalid @import at rules now emit warnings
  • use postcss@7

1.0.1 (2018-10-29)

Bug Fixes

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jul 1, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency css-loader to v6 Update dependency css-loader to v6 - autoclosed Jul 2, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/css-loader-6.x branch July 2, 2024 20:27
@mend-for-github-com mend-for-github-com bot changed the title Update dependency css-loader to v6 - autoclosed Update dependency css-loader to v6 Jul 4, 2024
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/css-loader-6.x branch July 4, 2024 21:19
@mend-for-github-com mend-for-github-com bot reopened this Jul 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-6.x branch from 1c06bf2 to 46b1aa2 Compare July 4, 2024 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants