build(deps): bump json5, @size-limit/preset-big-lib, css-loader, postcss-loader, postcss-modules, react-styleguidist, rollup-plugin-postcss, ts-loader and webpack

[dependabot]

Bumps json5 to 2.2.3 and updates ancestor dependencies json5, @size-limit/preset-big-lib, css-loader, postcss-loader, postcss-modules, react-styleguidist, rollup-plugin-postcss, ts-loader and webpack. These dependencies need to be updated together.

Updates json5 from 2.1.3 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

• Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

• Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

• Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

v2.2.0 [code, diff]

• New: Accurate and documented TypeScript declarations are now included. There is no need to install @types/json5. (#236, #244)

Commits

• c3a7524 2.2.3
• 94fd06d docs: update CHANGELOG for v2.2.3
• 3b8cebf docs(security): use GitHub security advisories
• f0fd9e1 docs: publish a security policy
• 6a91a05 docs(template): bug -> bug report
• 14f8cb1 2.2.2
• 10cc7ca docs: update CHANGELOG for v2.2.2
• 7774c10 fix: add proto to objects and arrays
• edde30a Readme: slight tweak to intro
• 97286f8 Improve example in readme
• Additional commits viewable in compare view

Updates @size-limit/preset-big-lib from 2.2.4 to 8.1.0

Changelog

Sourced from @​size-limit/preset-big-lib's changelog.

Change Log

This project adheres to Semantic Versioning.

8.1

• Added "*" value support to import (by @​denkristoffer).

8.0.1

• Fixed config and modifyEsbuildConfig options (by Angelo Ashmore).
• Updated esbuild.

8.0

• Removed Node.js 12 support.
• Added support for third-party plugins support (by @​JounQin).
• Added field with limit to JSON output (by Elliot Westlake).

7.0.8

• Fixed peer dependencies.

7.0.7

• Fixed plugin versions in presets.

7.0.6

• Added brotlied note to CLI output (by @​azat-io).
• Updated nanospinner.

7.0.5

• Added pnpm examples to migration guide.
• Fixed docs (by @​azat-io).

7.0.4

• Updated esbuild.
• Updated nanospinner.

7.0.3

• Fixed package size.

7.0.2

• Fixed peer dependency ignore in @size-limit/esbuild.

7.0.1

• Fixed --save-bundle arguments with @size-limit/esbuild.
• Fixed ignore option with @size-limit/esbuild.
• Fixed brotli option without webpack.
• Fixed error messages.

7.0

• Added @size-limit/esbuild plugin for better performance (by Artem Tumin).
• Moved @size-limit/preset-small-lib to @size-limit/esbuild.
• Moved CSS from webpack plugin to @size-limit/webpack-css (by Egor Ogarkov).
• Moved --why to @size-limit/webpack-why (by Egor Ogarkov).

... (truncated)

Commits

• 2639a52 Release 8.1 version
• 08a6d0c Update docs
• 161faa3 Update tests
• b57476d FIx lock file
• e6d1f6b Update dependencies
• 5b43077 Add CI permissions
• a47e72e Add support for wildcard importing ESM (#297)
• b6be8c6 Fix lock file
• 0c12894 Fix lock file
• 4700806 Fix release script
• Additional commits viewable in compare view

Updates css-loader from 3.6.0 to 6.7.3

Release notes

Sourced from css-loader's releases.

v6.7.3

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

v6.7.2

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

v6.7.1

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

v6.7.0

6.7.0 (2022-03-04)

Features

• re-export defaultGetLocalIdent (#1423) (207cf36)

v6.6.0

6.6.0 (2022-02-02)

Features

• added the hashStrategy option (ca4abce)

v6.5.1

6.5.1 (2021-11-03)

Bug Fixes

• regression with unicode characters in locals (b7a8441)
• runtime path generation (#1393) (feafea8)

v6.5.0

... (truncated)

Changelog

Sourced from css-loader's changelog.

6.7.3 (2022-12-14)

Bug Fixes

• remove sourceURL from emitted CSS (#1487) (962924c)

6.7.2 (2022-11-13)

Bug Fixes

• css modules generation with inline syntax (#1480) (2f4c273)

6.7.1 (2022-03-08)

Bug Fixes

• defaultGetLocalIdent export (#1427) (74dac1e)

6.7.0 (2022-03-04)

Features

• re-export defaultGetLocalIdent (#1423) (207cf36)

6.6.0 (2022-02-02)

Features

• added the hashStrategy option (ca4abce)

6.5.1 (2021-11-03)

Bug Fixes

• regression with unicode characters in locals (b7a8441)
• runtime path generation (#1393) (feafea8)

6.5.0 (2021-10-26)

Features

• support absolute URL in url() when experiments.buildHttp enabled (#1389) (8946be4)

... (truncated)

Commits

• ef749f2 chore(release): 6.7.3
• 36fb945 chore: fix cspell
• 962924c fix: remove sourceURL from emitted CSS (#1487)
• 3f3f302 chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 (#1486)
• 04ca713 chore: update dependencies to the latest version (#1485)
• 9449827 chore: update styfle/cancel-workflow-action (#1484)
• 6c67af8 chore: add cSpell to check spelling issues (#1482)
• 239b9ac chore(deps): bump loader-utils from 2.0.3 to 2.0.4 (#1481)
• 394d200 chore(release): 6.7.2
• 2f4c273 fix: css modules generation with inline syntax (#1480)
• Additional commits viewable in compare view

Updates postcss-loader from 3.0.0 to 7.0.2

Release notes

Sourced from postcss-loader's releases.

v7.0.2

7.0.2 (2022-11-29)

Bug Fixes

• support ESM version of postcss.config.js and postcss.config.mjs (#614) (955085f)

v7.0.1

7.0.1 (2022-07-11)

Bug Fixes

• unexpected failing on CSS syntax error (#593) (888d72e)

v7.0.0

7.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0

v6.2.1

6.2.1 (2021-11-26)

Bug Fixes

• watching configuration (#553) (7f165b4)

v6.2.0

6.2.0 (2021-10-13)

Features

• add link field in schema (#540) (1ae8212)

v6.1.1

6.1.1 (2021-07-01)

Bug Fixes

• do not swallow exception from postcss (2eec42b)

v6.1.0

6.1.0 (2021-06-10)

... (truncated)

Changelog

Sourced from postcss-loader's changelog.

7.0.2 (2022-11-29)

Bug Fixes

• support ESM version of postcss.config.js and postcss.config.mjs (#614) (955085f)

7.0.1 (2022-07-11)

Bug Fixes

• unexpected failing on CSS syntax error (#593) (888d72e)

7.0.0 (2022-05-18)

⚠ BREAKING CHANGES

• minimum supported Node.js version is 14.15.0

6.2.1 (2021-11-26)

Bug Fixes

• watching configuration (#553) (7f165b4)

6.2.0 (2021-10-13)

Features

• add link field in schema (#540) (1ae8212)

6.1.1 (2021-07-01)

Bug Fixes

• do not swallow exception from postcss (2eec42b)

6.1.0 (2021-06-10)

Features

• allow String value for the "implementation" option (0d342b1)

6.0.0 (2021-06-10)

... (truncated)

Commits

• 2129116 chore(release): 7.0.2
• 955085f fix: support ESM version of postcss.config.js and postcss.config.mjs (#614)
• b0f4749 chore: update styfle/cancel-workflow-action (#612)
• ab3ff44 chore: add cSpell to check spelling issues (#610)
• 3177135 chore: update dependencies to the latest version (#609)
• 08b19c7 docs: update cla link (#608)
• 49a0943 ci: add node v19 (#607)
• d274f90 ci: add dependency review action (#606)
• 64af37b chore: update dependencies to the latest version (#605)
• 548e8aa chore: update commitlint action (#604)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by evilebottnawi, a new releaser for postcss-loader since your current version.

Updates postcss-modules from 1.5.0 to 6.0.0

Changelog

Sourced from postcss-modules's changelog.

6.0.0

Breaking

The resolve option has two parameters now and can return null. Thanks to Rene Haas (@​KingSora) madyankin/postcss-modules@86d8135

Parameters:

• file — a module we want to resolve
• importer — the file that imports the module we want to resolve

Return value: string | null | Promise<string | null>

postcss([
	require("postcss-modules")({
    	resolve: function (file, importer) {
			return path.resolve(
				path.dirname(importer),
				file.replace(/^@/, process.cwd()
			);
    	},
  	}),
]);

Fixed

• #140 "'Failed to obtain root' error on Windows" fixed by Pierre LeMoine (@​DrInfiniteExplorer) madyankin/postcss-modules#144

Improved

• icss-replace-symbols replaced with with icss-utils by Jason Quense (@​jquense). The updated replacer works better and will replace values in selectors, which didn't work until now. madyankin/postcss-modules#145

5.0.0

• Fixed composes on Windows by @​sapphi-red madyankin/postcss-modules#135
• Updated Babel to v7 by @​sapphi-red. Minimal supported version of Node.js is 10 from now madyankin/postcss-modules#134

4.3.1

• Fixed errors when using shorthand selectors by Felix Bruns (@​fxb) madyankin/postcss-modules#130

4.3.0

• Updated the generic-names dependency to reduce packages size by Bogdan Chadkin (@​TrySound) madyankin/postcss-modules#129

4.2.2

... (truncated)

Commits

• 325f0b3 6.0.0
• a453783 Extract pluginFactory and localConvention into separate modules
• e87c4ab Refactor to prepare the plugin to work in browsers
• 1ad9a28 Flatten file hierarchy
• d0c05d8 Format changelog
• 09e0789 Increase line length to 100
• 6afaf50 Drop the old resolve option's implementation
• 86d8135 add fileResolve option
• 7bb6d2d Fix #140 drive letter case insensitivity
• dc5119e feat: update ICSS utils to current package
• Additional commits viewable in compare view

Updates react-styleguidist from 10.6.2 to 13.0.0

Release notes

Sourced from react-styleguidist's releases.

v13.0.0

13.0.0 (2022-10-14)

• Upgrade to React 17 (#2037) (374acc5), closes #2037

BREAKING CHANGES

• React 16 no longer supported

v12.0.1

12.0.1 (2022-10-06)

Bug Fixes

• ensure devserver client options are configurable (#2034) (f1a0c21)

v12.0.0

12.0.0 (2022-09-05)

Features

• Upgrade to Webpack 5 (#1996) (a460fcc), closes #1932

BREAKING CHANGES

• Webpack 4 is no longer supported.

v12.0.0-alpha9.9

• fix: Move sucrase back to dependencies 05825f79

styleguidist/react-styleguidist@v12.0.0-alpha9.8...v12.0.0-alpha9.9

v12.0.0-alpha9.8

• Polyfill process for webpack 5 925b40de
• Avoid errors about imports without extension in webpack 5 70a06179
• Fix pagePerSection, improve types, simplify 13898771
• Fix isolation for the first (index = 0) example faf749c3
• Refactor inline Markdown 3dffa2e1

v12.0.0-alpha9.7

• Use // to instead of / for target index in the URL to avoid conflicts d563606e

styleguidist/react-styleguidist@v12.0.0-alpha9.6...v12.0.0-alpha9.7

... (truncated)

Commits

• 374acc5 Upgrade to React 17 (#2037)
• f1a0c21 fix: ensure devserver client options are configurable (#2034)
• 80b5e84 chore: Try to remove Netlify config to fix the site build
• cfd8458 chore: Update lock files
• 51db5e1 docs: Move ads to the top of the sidebar, fix refreshing on navigation 📢
• a460fcc feat: Upgrade to Webpack 5 (#1996)
• 4c55077 Build(deps): Bump ua-parser-js in /examples/webpack (#1928)
• e630725 Build(deps): Bump browserslist in /examples/webpack (#1927)
• 2c855fa Build(deps): Bump follow-redirects in /examples/react-native (#1924)
• 7f4d1fa Build(deps): Bump follow-redirects in /examples/preact (#1921)
• Additional commits viewable in compare view

Updates rollup-plugin-postcss from 2.9.0 to 4.0.2

Release notes

Sourced from rollup-plugin-postcss's releases.

v4.0.2

4.0.2 (2021-11-22)

Bug Fixes

• prioritize dart-sass over node-sass (#402) (caf3429)

v4.0.1

4.0.1 (2021-08-12)

Bug Fixes

• update to cssnano 5 (#357) (118253e)

v4.0.0

4.0.0 (2020-12-07)

Features

• upgrade postcss to 8.x (ceee1bc)

BREAKING CHANGES

• upgrade postcss to 8.x

Co-authored-by: Edward Elric SASUKE688848@gmail.com Co-authored-by: Ward Peeters ward@coding-tech.com

v3.1.8

3.1.8 (2020-08-30)

Bug Fixes

• make sourceMaps relative to the CSS output file (#274) (3de028d)

v3.1.7

3.1.7 (2020-08-30)

Bug Fixes

• types: options is actually optional (#311) (a7299a4)

v3.1.6

3.1.6 (2020-08-24)

... (truncated)

Commits

• See full diff in compare view

Updates ts-loader from 6.2.2 to 9.4.2

Release notes

Sourced from ts-loader's releases.

v9.4.2

• Bug fix: Use custom transformer when building solution references #1025 - thanks @​feosuna1

9.4.1

• Hotfix: Disable enhanced-resolve - thanks @​manuth

v9.4.0

• Add Support for Resolving .cjs, .mjs, .cts and .mts Files #1503 - thanks @​manuth

v9.3.1

• Bug fix: Generate declaration files for js files if allowJs is set to true #1260 - thanks @​hediet and @​mvilliger

v9.3.0

• simplify configuration for fork-ts-checker-webpack-plugin - thanks @​piotr-oles

v9.2.9

• make v9 latest following v8 release - thanks @​johnnyreilly

v9.2.8

• Bug fix: support webpack 5 in ts-loader #1438 - thanks @​einatbar

v9.2.7

• cater for change in resolveTypeReferenceDirective API in TypeScript 4.7 #1421 - thanks @​johnnyreilly and @​cspotcode for inspiration in ts-node work here: TypeStrong/ts-node#1648

v9.2.6

• Docs fix for thread-loader / history - thanks @​johnnyreilly

v9.2.5

• Add function to get the latest program - thanks @​Zn4rK

v9.2.4

• Fix undefined configPath now falls back to default - thanks @​johnnyreilly

v9.2.3

• Fix error message for invalid getCustomTransformers modules - thanks @​blaky

v9.2.2

• Start consuming webpack loader types - thanks @​johnnyreilly
• Add webpack minimum version in peerDependencies - thanks @​afdev82

v9.2.1

• Make v9 latest in npm again - thanks @​johnnyreilly

v9.2.0

• Fixed impossibility to have several instances of ts-loader with different compiler options - thanks @​timocov

v9.1.2

• Fix removed files handling in watch mode - thanks @​gasnier

v9.1.1

... (truncated)

Changelog

Sourced from ts-loader's changelog.

9.4.2

• Bug fix: Use custom transformer when building solution references #1025 - thanks @​feosuna1

9.4.1

• Hotfix: Disable enhanced-resolve - thanks @​manuth

v9.4.0

• Add Support for Resolving .cjs, .mjs, .cts and .mts Files #1503 - thanks @​manuth

v9.3.1

• Bug fix: Generate declaration files for js files if allowJs is set to true #1260 - thanks @​hediet and @​mvilliger

v9.3.0

• simplify configuration for fork-ts-checker-webpack-plugin - thanks @​piotr-oles

v9.2.9

• make v9 latest following v8 release - thanks @​johnnyreilly

v9.2.8

• Bug fix: support webpack 5 in ts-loader #1438 - thanks @​einatbar

v9.2.7

• cater for change in resolveTypeReferenceDirective API in TypeScript 4.7 #1421 - thanks @​johnny_reilly and @​cspotcode for inspiration in ts-node work here: TypeStrong/ts-node#1648

v9.2.6

• Docs fix for thread-loader / history - thanks @​johnnyreilly

v9.2.5

• Add function to get the latest program - thanks @​Zn4rK

v9.2.4

• Fix undefined configPath now falls back to default - thanks @​johnnyreilly

v9.2.3

• Fix error message for invalid getCustomTransformers modules - thanks @​blaky

v9.2.2

• Start consuming webpack loader types - thanks @​johnnyreilly
• Add webpack minimum version in peerDependencies - thanks @​afdev82

... (truncated)

Commits

• 5e7220b Use custom transformer when building solution references (#1550)
• 87a9fff add missing comma in README.md (#1551)
• 620ee79 Typescript 4 9 (#1547)
• 3319b91 chore(deps): bump minimatch in /examples/project-references-example (#1530)
• 60e5784 Fix anchor jumping in README.md (#1521)
• 5c66d2b Update outdated LICENSE year (#1513)
• 64a4136 Bump terser from 4.8.0 to 4.8.1 in /examples/project-references-example (#1489)
• cf1d227 Bump lodash in /test/execution-tests/babel-codeSplitting (#1435)
• e76abb0 Add Tests and Remarks Concerning the New .cts And .mts File Extensions (#...
• d9fcbfd Hotfix: Disable enhanced-resolve (#1506)
• Additional commits viewable in compare view

Updates webpack from 4.43.0 to 5.75.0

Release notes

Sourced from webpack's releases.

v5.75.0

Bugfixes

• experiments.* normalize to false when opt-out
• avoid NaN%
• show the correct error when using a conflicting chunk name in code
• HMR code tests existance of window before trying to access it
• fix eval-nosources-* actually exclude sources
• fix race condition where no module is returned from processing module
• fix position of standalong semicolon in runtime code

Features

• add support for @import to extenal CSS when using experimental CSS in node
• add i64 support to the deprecated WASM implementation

Developer Experience

• expose EnableWasmLoadingPlugin
• add more typings
• generate getters instead of readonly properties in typings to allow overriding them

v5.74.0

Features

• add resolve.extensionAlias option which allows to alias extensions
  • This is useful when you are forced to add the .js extension to imports when the file really has a .ts extension (typescript + "type": "module")
• add support for ES2022 features like static blocks
• add Tree Shaking support for ProvidePlugin

Bugfixes

• fix persistent cache when some build dependencies are on a different windows drive
• make order of evaluation of side-effect-free modules deterministic between concatenated and non-concatenated modules
• remove left-over from debugging in TLA/async modules runtime code
• remove unneeded extra 1s timestamp offset during watching when files are actually untouched
  • This sometimes caused an additional second build which are not really needed
• fix shareScope option for ModuleFederationPlugin
• set "use-credentials" also for same origin scripts

Performance

• Improve memory usage and performance of aggregating needed files/directories for watching
  • This affects rebuild performance

Extensibility

• export HarmonyImportDependency for plugins

v5.73.0

... (truncated)

Commits

• 8241da7 5.75.0
• a91d923 Merge pull request #16458 from webpack/bugfix/semi
• 4608b11 Merge pull request #16457 from webpack/tooling/update
• dfdd0b0 Merge pull request #16122 from AnmolBansalDEV/bug/compilationCallback
• 23b9a1c Merge pull request #16167 from exposir/fixts
• 6f2c5e8 Merge pull request #16257 from alexzhang1030/calc_deterministic_verbose
• f7f36ad Merge pull request #16339 from Liamolucko/wasm-i64
• 761a542 fix semicolon position
• 2403a36 Merge pull request #16345 from ahabhgk/fix-eval-nosources
• c18203c update tooling
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.