Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency css-loader to v6 (main) #1960

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mend-for-github-com[bot]
Copy link

@mend-for-github-com mend-for-github-com bot commented Apr 29, 2024

This PR contains the following updates:

Package Type Update Change
css-loader dependencies major ^5.2.7 -> ^6.0.0

By merging this PR, the issue #1430 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
Medium Medium 5.3 CVE-2023-44270

Unreachable

Medium Medium 4.3 CVE-2024-55565
Medium Medium 4.0 CVE-2021-23566

Unreachable


Release Notes

webpack-contrib/css-loader (css-loader)

v6.9.0

Compare Source

Features
Bug Fixes
6.8.1 (2023-05-28)
Bug Fixes

v6.8.1

Compare Source

v6.8.0

Compare Source

Features
  • use template literal when it possible to prevent Maximum call stack size exceeded (#​1525) (6eb5661)
Bug Fixes
6.7.4 (2023-05-19)
Bug Fixes
6.7.3 (2022-12-14)
Bug Fixes
6.7.2 (2022-11-13)
Bug Fixes
6.7.1 (2022-03-08)
Bug Fixes

v6.7.4

Compare Source

v6.7.3

Compare Source

v6.7.2

Compare Source

v6.7.1

Compare Source

v6.7.0

Compare Source

Features

v6.6.0

Compare Source

Features
  • added the hashStrategy option (ca4abce)
6.5.1 (2021-11-03)
Bug Fixes

v6.5.1

Compare Source

v6.5.0

Compare Source

Features
  • support absolute URL in url() when experiments.buildHttp enabled (#​1389) (8946be4)
Bug Fixes
  • respect nosources in the devtool option (c60eff2)

v6.4.0

Compare Source

Features
  • generate more collision resistant for locals (c7db752)
Bug Fixes
  • classes generation for client and server bundling (303a3a1)

v6.3.0

Compare Source

Features
  • added [folder] placeholder (a0dee4f)
  • added the exportType option with 'array', 'string' and 'css-style-sheet' values (c6d2066)
    • 'array' - the default export is Array with API for style-loader and other
    • 'string' - the default export is String you don't need to-string-loader loader anymore
    • 'css-style-sheet' - the default export is a constructable stylesheet, you can use import sheet from './styles.css' assert { type: 'css' }; like in a browser, more information you can find here
  • supported supports() and layer() functions in @import at-rules (#​1377) (bce2c17)
  • fix multiple merging multiple @media at-rules (#​1377) (bce2c17)
Bug Fixes

v6.2.0

Compare Source

Features
  • allow the exportLocalsConvention option can be a function, useful for named export (#​1351) (3c4b357)

v6.1.0

Compare Source

Features
Bug Fixes

v6.0.0

Compare Source

Notes
  • using ~ is deprecated when the esModule option is enabled (enabled by default) and can be removed from your code (we recommend it) (url(~package/image.png) -> url(package/image.png), @import url(~package/style.css) -> @import url(package/style.css), composes: import from '~package/one.css'; -> composes: import from 'package/one.css';), but we still support it for historical reasons. Why can you remove it? The loader will first try to resolve @import/url()/etc as relative, if it cannot be resolved, the loader will try to resolve @import/url()/etc inside node_modules or modules directories.
  • file-loader and url-loader are deprecated, please migrate on asset modules, since v6 css-loader is generating new URL(...) syntax, it enables by default built-in assets modules, i.e. type: 'asset' for all url()
⚠ BREAKING CHANGES
  • minimum supported Node.js version is 12.13.0
  • minimum supported webpack version is 5, we recommend to update to the latest version for better performance
  • for url and import options Function type was removed in favor Object type with the filter property, i.e. before { url: () => true }, now { url: { filter: () => true } } and before { import: () => true }, now { import: { filter: () => true } }
  • the modules.compileType option was removed in favor the modules.mode option with icss value, also the modules option can have icss string value
  • new URL() syntax used for url(), only when the esModule option is enabled (enabled by default), it means you can bundle CSS for libraries
  • data URI are handling in url(), it means you can register loaders for them, example
  • aliases with false value for url() now generate empty data URI (i.e. data:0,), only when the esModule option is enabled (enabled by default)
  • [ext] placeholder don't need . (dot) before for the localIdentName option, i.e. please change .[ext] on [ext] (no dot before)
  • [folder] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • [emoji] placeholder was removed without replacement for the localIdentName option, please use a custom function if you need complex logic
  • the localIdentHashPrefix was removed in favor the localIdentHashSalt option
Features
  • supported resolve.byDependency.css resolve options for @import
  • supported resolve.byDependency.icss resolve CSS modules and ICSS imports (i.e. composes/etc)
  • added modules.localIdentHashFunction, modules.localIdentHashDigest, modules.localIdentHashDigestLength options for better class hashing controlling
  • less dependencies
Bug Fixes
  • better performance
  • fixed circular @import
Notes
  • we strongly recommend not to add .css to resolve.extensions, it reduces performance and in most cases it is simply not necessary, alternative you can set resolve options by dependency
5.2.7 (2021-07-13)
Bug Fixes
  • fix crash when source map is unavailable with external URL in [@import](https://redirect.github.com/import) (bb76fe4)
5.2.6 (2021-05-24)
Bug Fixes
  • always write locals export when css modules/icss enabled (#​1315) (075d9bd)
5.2.5 (2021-05-20)
Bug Fixes
5.2.4 (2021-04-19)
Bug Fixes
5.2.3 (2021-04-19)
Bug Fixes
  • improve performance
5.2.2 (2021-04-16)
Bug Fixes
  • avoid escape nonASCII characters in local names (0722733)
5.2.1 (2021-04-09)
Bug Fixes

  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Apr 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants