[Snyk] Upgrade style-loader from 0.23.1 to 3.3.1

[snyk-bot]

Snyk has created this PR to upgrade style-loader from 0.23.1 to 3.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 18 versions ahead of your current version.
• The recommended version was released 10 months ago, on 2021-10-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-2407770	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-JSONSCHEMA-1920922	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-DNSPACKET-1293563	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Open Redirect SNYK-JS-URLPARSE-1533425	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1090595	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-567880	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Cross-site Scripting (XSS) SNYK-JS-JQUERY-565129	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-EVENTSOURCE-2823375	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: style-loader

• 3.3.1 - 2021-10-21
  

  3.3.1 (2021-10-21)

  Bug Fixes

  • small perf improvement (#544) (610524e)
• 3.3.0 - 2021-09-21
  

  3.3.0 (2021-09-21)

  Features

  • added support for supports(), layer() and media from @ import at-rules (b9a600c)
  • allow to pass options to insert function through style.use() (#535) (f8ef63b)
• 3.2.1 - 2021-07-20
  

  3.2.1 (2021-07-20)

  Bug Fixes

  • added the styletagtransform option when it is a module to addBuildDependency (#528) (270513f)
• 3.2.0 - 2021-07-20
  

  3.2.0 (2021-07-20)

  Features

  • add link field in schema (#525) (7ed3456)

  Bug Fixes

  • added the insert option when it is a module to addBuildDependency (#527) (3963c0b)
• 3.1.0 - 2021-07-12
  

  3.1.0 (2021-07-12)

  Features

  • allow to specify the insert option from file, we strongly recommend do it, using the insert option from file will reduce your bundle size, example (#521) (56fc8f0)
  • allow to specify the styleTagTransform option from file, we strongly recommend do it, using the styleTagTransform option from file will reduce your bundle size, example

  Bug Fixes

  • reduce runtime (#519) (8a26186)
  • reduce runtime when you use custom options (#520) (21c80c8)
• 3.0.0 - 2021-06-24
  

  3.0.0 (2021-06-24)

  ⚠ BREAKING CHANGES

  • minimum supported Node.js version is 12.13.0
  • minimum supported webpack version is 5.0.0
  • the modules.namedExport option was removed, you don't need it anymore, because we respect the modules.namedExport option from css-loader (we just reexport all from css-loader), just remove it
  • the styleTag value of the injectType (default value) option earlier uses singleton style tag by default for IE8-IE9 due limitations (more information), in this release we have disabled this behavior, because these versions of IE are outdated, if you don't support these browsers this change does not affect you, if you require to support IE8-IE9, you can return old behaviour by setting autoStyleTag value for the injectType option (do the same for lazyStyleTag, i.e. change it to lazyAutoStyleTag)

  Features

  • added autoStyleTag and lazyAutoStyleTag values for the injectType option for compatibility of work modern and IE8-IE9 browsers
  • added styleTagTransform option for custom processing style tags (useful if you need ponyfill CSS custom properties for IE8-IE10)
  • reduce size of generated code
  • reduce deps
• 2.0.0 - 2020-10-09
  

  ⚠ BREAKING CHANGES

  • minimum supported Node.js version is 10.13.0
  • the esModule option is true by default, you need to change const locals = require('./styles.css')/require('./styles.css') on import locals from './styles.css'/import './styles.css'' (#489) (727a24d)
  • removed support for loaders returning String instead of Array (#491) (7a0ce4c)

  ⚠ NOTICE

  To avoid problems between style-loader and mini-css-extract-plugin because of changing the esModule option to true by default we strongly recommend upgrading mini-css-extract-plugin to 1.0.0 version.

• 1.3.0 - 2020-10-03
  

  1.3.0 (2020-10-03)

  Features

  • added modules.namedExport (#485) (15889db)

  Bug Fixes

  • check if btoa exists for old IE versions (#479) (732ef8b)
  • esModule option issue (#476) (c623f27)
• 1.2.1 - 2020-04-28
  

  1.2.1 (2020-04-28)

  Bug Fixes

  • hot module replacement logic for lazy type (#468) (88a5c2b)
• 1.2.0 - 2020-04-24
  

  1.2.0 (2020-04-24)

  Features

  • hot module replacement for css modules (6d14e0a)
• 1.1.4 - 2020-04-15
• 1.1.3 - 2020-01-17
• 1.1.2 - 2019-12-25
• 1.1.1 - 2019-12-20
• 1.1.0 - 2019-12-20
• 1.0.2 - 2019-12-17
• 1.0.1 - 2019-11-28
• 1.0.0 - 2019-08-06
• 0.23.1 - 2018-10-08

from style-loader GitHub release notes

Commit messages

Package name: style-loader

• 4663416 chore(release): 3.3.1
• 610524e fix: small perf improvement (Remove Wyrm? Move to something else? readthedocs/sphinx_rtd_theme#544)
• c799ecc chore(release): 3.3.0
• b47718a test: update (Do not set the default role for the body tag readthedocs/sphinx_rtd_theme#542)
• 43bede4 refactor: code (Always build docs with latest theme readthedocs/sphinx_rtd_theme#541)
• b9a600c feat: added support for `@ supports`, `@ layer` and `@ media` from `@ import` at-rules
• 74fa1cf chore(deps): update (sidebar table of contents limited nesting? readthedocs/sphinx_rtd_theme#539)
• cdf0ba7 refactor: code
• caf66a0 chore(deps): update
• f8ef63b feat: allow to pass options to `insert` function through `style.use()` (Readme sections in sidebar readthedocs/sphinx_rtd_theme#535)
• b21d81a docs: update bug report template (Remove mathjax_path override readthedocs/sphinx_rtd_theme#534)
• 2c247e2 docs: update README (Do not warn about using external images readthedocs/sphinx_rtd_theme#533)
• d45b55a ci: update `codecov-action` (Do not make local-toc contents always visible readthedocs/sphinx_rtd_theme#532)
• 13b43d6 ci: update commitlint action to v4 (Uglify during build readthedocs/sphinx_rtd_theme#531)
• 5ebdc5f ci: setup npm cache (:github_url: as a theme option readthedocs/sphinx_rtd_theme#529)
• 7c5b15f chore(release): 3.2.1
• 270513f fix: added the `styletagtransform` option when it is a module to `addBuildDependency` (Docs: Add windows make file readthedocs/sphinx_rtd_theme#528)
• a0ee2e0 chore(release): 3.2.0
• 3963c0b fix: added the `insert` option when it is a module to `addBuildDependency` (Minimize theme.js file readthedocs/sphinx_rtd_theme#527)
• 6e70da0 ci: use `actions/setup-node@v2` (Decide on code font readthedocs/sphinx_rtd_theme#524)
• 7ed3456 feat: add link field in schema (Decide on use of Modernizr readthedocs/sphinx_rtd_theme#525)
• b33791b chore(release): 3.1.0
• 42ca0ca feat: styleTagTransform option processed absolute path (Run grunt readthedocs/sphinx_rtd_theme#522)
• 56fc8f0 feat: allow to specify the `insert` option from file, we strongly recommend do it when you specify the custom `insert` option to reduce bundle size (Remove image from readme, and link demo to site readthedocs/sphinx_rtd_theme#521)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs