Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency css-loader to v6 #272

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Jul 1, 2024

This PR contains the following updates:

Package Type Update Change
css-loader dependencies major ^3.6.0 -> ^6.0.0

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
Medium 5.3 CVE-2021-23368 #43
Medium 5.3 CVE-2021-23382 #46
Medium 5.3 CVE-2023-44270 #271

Release Notes

webpack-contrib/css-loader (css-loader)

v6.9.0

Compare Source

Features
Bug Fixes
6.8.1 (2023-05-28)
Bug Fixes

v6.8.1

Compare Source

v6.8.0

Compare Source

Features
  • use template literal when it possible to prevent Maximum call stack size exceeded (#​1525) (6eb5661)
Bug Fixes
6.7.4 (2023-05-19)
Bug Fixes
6.7.3 (2022-12-14)
Bug Fixes
6.7.2 (2022-11-13)
Bug Fixes
6.7.1 (2022-03-08)
Bug Fixes

v6.7.4

Compare Source

v6.7.3

Compare Source

v6.7.2

Compare Source

v6.7.1

Compare Source

v6.7.0

Compare Source

Features

v6.6.0

Compare Source

Features
  • added the hashStrategy option (ca4abce)
6.5.1 (2021-11-03)
Bug Fixes

v6.5.1

Compare Source

v6.5.0

Compare Source

Features
  • support absolute URL in url() when experiments.buildHttp enabled (#​1389) (8946be4)
Bug Fixes
  • respect nosources in the devtool option (c60eff2)

v6.4.0

Compare Source

Features
  • generate more collision resistant for locals (c7db752)
Bug Fixes
  • classes generation for client and server bundling (303a3a1)

v6.3.0

Compare Source

Features
  • added [folder] placeholder (a0dee4f)
  • added the exportType option with 'array', 'string' and 'css-style-sheet' values (c6d2066)
    • 'array' - the default export is Array with API for style-loader and other
    • 'string' - the default export is String you don't need to-string-loader loader anymore
    • 'css-style-sheet' - the default export is a constructable stylesheet, you can use import sheet from './styles.css' assert { type: 'css' }; like in a browser, more information you can find here
  • supported supports() and layer() functions in @import at-rules (#​1377) (bce2c17)
  • fix multiple merging multiple @media at-rules (#​1377) (bce2c17)
Bug Fixes

v6.2.0

Compare Source

Features
  • allow the exportLocalsConvention option can be a function, useful for named export (#​1351) (3c4b357)

v6.1.0

Compare Source

Features
Bug Fixes

v6.0.0

Compare Source

Notes
  • using ~ is deprecated when the esModule option is enabled (enabled by default) and can be removed from your code (we recommend it) (url(~package/image.png) -> url(package/image.png), @import url(~package/style.css) -> @import url(package/style.css), composes: import from '~package/one.css'; -> composes: import from 'package/one.css';), but we still support it for historical reasons. Why can you remove it? The loader will first try to resolve @import/url()/etc as relative, if it cannot be resolved, the loader will try to resolve @import/url()/etc inside node_modules or modules directories.
  • file-loader and url-loader are deprecated, please migrate on asset modules, since v6 css-loader is generating new URL(...) syntax, it enables by default built-in assets modules, i.e. type: 'asset' for all url()
⚠ BREAKING CHANGES
  • minimum supported Node.js version is 12.13.0
  • minimum supported webpack version is 5, we recommend to update to the latest version for better performance
  • for url and import options Function type was removed in favor Object type with the filter property, i.e. before { url: () => true }, now { url: { filter: () => true } } and before { import: () => true }, now { import: { filter: () => true } }
  • the modules.compileType option was removed in favor the modules.mode option with icss value, also the modules option can have icss string value
  • new URL() syntax used for url(), only when the esModule option is enabled (enabled by default), it means you can bundle CSS for libraries
  • data URI are handling in url(), it means you can register loaders for them, example
  • aliases with false value for url() now generate empty data URI (i.e. data:0,), only when the esModule option is enabled (enabled by default)
  • [ext] placeholder don't need . (dot) before for the localIdentName option, i.e. please change .[ext] on [ext] (no dot before)
  • [folder] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • [emoji] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • the localIdentHashPrefix was removed in favor the localIdentHashSalt option
Features
  • supported resolve.byDependency.css resolve options for @import
  • supported resolve.byDependency.icss resolve CSS modules and ICSS imports (i.e. composes/etc)
  • added modules.localIdentHashFunction, modules.localIdentHashDigest, modules.localIdentHashDigestLength options for better class hashing controlling
  • less dependencies
Bug Fixes
  • better performance
  • fixed circular @import
Notes
  • we strongly recommend not to add .css to resolve.extensions, it reduces performance and in most cases it is simply not necessary, alternative you can set resolve options by dependency
5.2.7 (2021-07-13)
Bug Fixes
  • fix crash when source map is unavailable with external URL in [@import](https://redirect.github.com/import) (bb76fe4)
5.2.6 (2021-05-24)
Bug Fixes
  • always write locals export when css modules/icss enabled (#​1315) (075d9bd)
5.2.5 (2021-05-20)
Bug Fixes
5.2.4 (2021-04-19)
Bug Fixes
5.2.3 (2021-04-19)
Bug Fixes
  • improve performance
5.2.2 (2021-04-16)
Bug Fixes
  • avoid escape nonASCII characters in local names (0722733)
5.2.1 (2021-04-09)
Bug Fixes

v5.2.7

Compare Source

v5.2.6

Compare Source

v5.2.5

Compare Source

v5.2.4

Compare Source

v5.2.3

Compare Source

v5.2.2

Compare Source

v5.2.1

Compare Source

v5.2.0

Compare Source

Features
5.1.4 (2021-03-24)
Bug Fixes
5.1.3 (2021-03-15)
Bug Fixes
  • the auto option works using inline module syntax (#​1274) (1db2f4d)
  • ident generation for CSS modules using inline module syntax (#​1274) (1db2f4d)
5.1.2 (2021-03-10)
Bug Fixes
  • handling @import with spaces before and after and any extensions (#​1272) (0c47cf7)
  • inline loader syntax in @import and modules (3f49ed0)
5.1.1 (2021-03-01)
Bug Fixes

v5.1.4

Compare Source

v5.1.3

Compare Source

v5.1.2

Compare Source

v5.1.1

Compare Source

v5.1.0

Compare Source

Features
5.0.2 (2021-02-08)
Bug Fixes
5.0.1 (2020-11-04)
Bug Fixes

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

⚠ BREAKING CHANGES
  • migrate on PostCSS 8
  • runtime doesn't contain source maps code without sourceMap: true
  • returned value from the getLocalIdent escapes by default, the exportName value is always unescaped
  • Auto enable icss modules for all files for which /\.icss\.\w+$/i (the modules.compileType option is icss)
  • [emoji] placeholder was deprecated
  • icss option was removed (it was deprecated previously)
Features

v4.3.0

Compare Source

Features
Bug Fixes
  • line breaks in url function (88b8ddc)
4.2.2 (2020-08-24)
Bug Fixes
  • source maps generation, source from source maps are now relative to compiler.context and use webpack:// protocol (#​1169) (fb5c53d)
4.2.1 (2020-08-06)
Bug Fixes
  • regression with the exportOnlyLocals option, now locals are not exported under the locals name, it was big regression, we apologize for that (24c0a12)

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2.0

Compare Source

Features
  • add module.type option, the icss option is deprecated (#​1150) (68f72af)
4.1.1 (2020-07-30)
Bug Fixes

v4.1.1

Compare Source

v4.1.0

Compare Source

Features
Bug Fixes

v4.0.0

Compare Source

⚠ BREAKING CHANGES
  • minimum required Node.js version is 10.13.0
  • minimum required webpack version is 4.27.0
  • the esModule option is true by default
  • default value of the sourceMap option depends on the devtool option
  • icss plugin disable by default, you need to setup the modules option to enable it
  • the modules option is true by default for all files matching /\.module\.\w+$/i.test(filename) regular expression, module.auto is true by default
  • the modules.context option was renamed to the modules.localIdentContext option
  • default the modules.localIdentContext value is compiler.context for the module.getLocalIdent option
  • the modules.hashPrefix option was renamed to the modules.localIdentHashPrefix option
  • the localsConvention option was moved and renamed to the modules.exportLocalsConvention option
  • the getLocalIndent option should be always Function and should always return String value
  • the onlyLocals option was moved and renamed to the modules.exportOnlyLocals option
  • function arguments of the import option were changed, it is now function(url, media, resourcePath) {}
  • inline syntax was changed, please write ~ before the file request, i.e. rewrite url(~!!loader!package/img.png) to url(!!loader!~package/img.png)
  • url() resolving algorithm now handles absolute paths instead of ignoring them. This can break builds which relied on absolute paths to refer to the asset directory. (bc19ddd)
Features
  • @value supports importing url() (#​1126) (7f49a0a)
  • improve url() resolving algorithm to support more path types (bc19ddd)
  • named export for locals (#​1108) (d139ec1)
  • respected the style field from package.json (#​1099) (edf5347)
  • support file: protocol (5604205)
  • support server relative URLs
Bug Fixes
  • resolution algorithm, you don't need ~ inside packages in node_modules (76f1480)

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by WhiteSource label Jul 1, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency css-loader to v6 Update dependency css-loader to v6 - autoclosed Jul 2, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/css-loader-6.x branch July 2, 2024 20:25
@mend-for-github-com mend-for-github-com bot restored the whitesource-remediate/css-loader-6.x branch July 4, 2024 21:19
@mend-for-github-com mend-for-github-com bot changed the title Update dependency css-loader to v6 - autoclosed Update dependency css-loader to v6 Jul 4, 2024
@mend-for-github-com mend-for-github-com bot reopened this Jul 4, 2024
@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/css-loader-6.x branch from 177846c to 01ebc01 Compare July 4, 2024 21:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by WhiteSource
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants