[Snyk] Fix for 4 vulnerabilities

[javifelices]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: caniuse-api

The new version differs by 14 commits.

• 1b74c10 3.0.0
• 3ab3a83 updating browserslist to v4
• 11c9091 preparing for 2.1.0
• fb40d95 use yarn and bump dependencies
• 5e41118 remove footnotes related stuff
• 54457e2 add yarn.lock
• ceb721c add tests to isSupported for multiple browsers and throw
• f0c5d88 Change X to lowercase for getSupport
• eaac367 Merge pull request cssnext users MoOx/postcss-cssnext#71 from le0nik/update_browserslist_3
• 7e57b2d Update browserslist to v3
• 851c1a3 2.0.0
• 9211b85 Merge pull request Support for Repeating-radial/linear-gradient MoOx/postcss-cssnext#59 from ben-eb/caniuse-lite
• b9bb0ac Upgrade Browserslist to 2.0.0.
• 1f10589 Migrate from caniuse-db to caniuse-lite. Closes add postcss-url to adjust ﹫import(ed) url() ? MoOx/postcss-cssnext#57.

See the full diff

Package name: chalk

The new version differs by 53 commits.

• 3fca615 2.0.0
• f66271e Add tagged template literal (Nested custom selectors don't work MoOx/postcss-cssnext#163)
• 23ef1c7 fix linter errors
• c015568 add rainbow example
• 09fb2d8 Re-implement `chalk.enabled` (Rename from/to options to source/dest ? MoOx/postcss-cssnext#160)
• 608242a spoof supports-color
• 18f2e7c add host information output
• 523b998 Revert "TEMPORARY: emergency travis CI fix (see comments)"
• 54975fb TEMPORARY: emergency travis CI fix (see comments)
• 1d73b21 Improve readme
• 6f4d6b3 Bump dependencies
• 8702496 Remove `chalk.styles`
• 0412cdf Minor code improvements
• 249b9ac ES2015ify the codebase
• cb3f230 Add RGB (256/Truecolor) support (Fix URLs in footer for children pages MoOx/postcss-cssnext#140)
• dbae68d Update dependent package count in the readme (Bump version MoOx/postcss-cssnext#154)
• 9b60021 Drop support for Node.js 0.10 and 0.12
• 0d21449 check parent builder object for enabled status (Added link to all postcss plugin MoOx/postcss-cssnext#142)
• 5a69476 add XO badge
• 492f11f add example file
• 4ce73b6 make XO happy
• 7c02cf4 Add log statement to chalk examples (Fixed undefined when printing bug report URL. MoOx/postcss-cssnext#129)
• 835ca3d You've just reached 10,000 dependent modules. (Watcher test issues in Linux MoOx/postcss-cssnext#122)
• 74c087d minor doc improvements (Add a note for people that want to help MoOx/postcss-cssnext#120)

See the full diff

Package name: pixrem

The new version differs by 9 commits.

• 80581f4 Bump major version to drop node 4 support
• e72db33 Merge pull request import in 1.0.0 seems to be lot slower than 0.6.x MoOx/postcss-cssnext#65 from ai/dependencies
• acfa952 Update Node.js versions
• 6cdca78 Update dependencies
• 5ac0e16 Merge pull request "Cannot read property '_autoprefixerDisabled' of undefined'" MoOx/postcss-cssnext#47 from sebdeckers/patch-1
• 465958b 4.0.1
• b759c20 4.0.0
• d317b0a Bump to PostCSS v6 & Browserslist v2 (fix Disallow webpack from using cssnext as a loader MoOx/postcss-cssnext#61 First pass at integrating postcss-url into cssnext MoOx/postcss-cssnext#62)
• 9ac0d6c Correct SPDX identifier

See the full diff

Package name: postcss-color-gray

The new version differs by 10 commits.

• 6194351 5.0.0
• f143771 4.1.0
• 1f7a63d switch from MIT license to ISC license
• 363313d run code linter and coverage reporter only with the latest Node.js
• 065e6c8 test on the latest Node.js
• b263554 stop testing on AppVeyor
• 3dbf13a update dependnecies
• 3c8a7b8 Add CSS Standard Status (should handle sourcemap MoOx/postcss-cssnext#9)
• 5d7e37a 4.0.0
• 60db5cc Update dependencies

See the full diff

Package name: postcss-color-hex-alpha

The new version differs by 6 commits.

• cbe9486 4.0.0
• fd622b8 Use PostCSS 7
• 294cc20 Merge pull request should handle custom media queries MoOx/postcss-cssnext#7 from postcss/feature/cssdb-badge
• e299d4d Add CSS Standard Status
• 7192cc0 3.0.0
• ac6f3a6 Update dependencies

See the full diff

Package name: postcss-color-hwb

The new version differs by 2 commits.

• 2260586 3.0.0
• 877342d Update dependencies

See the full diff

Package name: postcss-color-rebeccapurple

The new version differs by 9 commits.

• 354e2f6 4.0.0
• 4f905cb Use PostCSS 7
• b4acbc9 3.1.0
• 6ec0238 Merge pull request should handle sourcemap MoOx/postcss-cssnext#9 from jonathantneal/feature/postcss6-and-updates
• 99053e6 Use Node v4 syntax
• caf793e Accurately parse the rebeccapurple word using postcss-value-parser
• 8c8f813 Update JSCS and drop invalid JSCS options
• 932246c Drop color dependency for simple #639
• 64eb63c 3.0.0

See the full diff

Package name: postcss-color-rgba-fallback

The new version differs by 6 commits.

• 96cda7e 4.0.0
• 022901f Merge pull request Group media queries MoOx/postcss-cssnext#27 from postcss/postcss-6
• d7b01e4 3.0.0
• d045fe4 droped old nodejs version
• 5fdd53d Updated dependencies
• 2382706 Updated postcss v6.x

See the full diff

Package name: postcss-custom-media

The new version differs by 12 commits.

• b780656 7.0.0
• 926f1ef Use PostCSS 7
• 8336b81 Update README.md heading
• d472113 Fix badge
• e2c61ac Merge pull request Support nested media queries MoOx/postcss-cssnext#30 from postcss/feature/cssdb-badge
• 8f03744 Add CSS Standard Status
• 8136745 Change link to specification
• c9192e5 6.0.0
• 20c908d Update dependencies
• 41c1a50 docs: explain better usage of extensions option (Non clear syntax error with unclosed var( MoOx/postcss-cssnext#23)
• ce2c592 Merge pull request Use Autoprefixer 3.0 MoOx/postcss-cssnext#22 from postcss/davidtheclark-patch-1
• 20213fc Fix broken link to spec draft

See the full diff

Package name: postcss-custom-properties

The new version differs by 39 commits.

• 6ef218d 8.0.0
• e0f68f9 Use postcss 7
• cd964ce Drop node@4 support
• 7775416 Use PostCSS 7
• a115c35 Update dependencies
• 4508964 Allow `warnings` option to be an object to configure each warning
• 4adb75c Fix appendVariables appending duplicate vars
• ccc045d Update README.md badges
• 4f7ad35 Update README.md cssdb badge
• 0bf934d change "preserve-computed" to "computed"
• 1b495ce Fix documentation code examples for preserve option
• f108950 Update README.md
• f17bf96 7.0.0
• bb69518 6.3.1
• 52526c3 6.3.0
• cdb1fb0 Update documentation
• c6f9140 No warnings by default
• 5d4620c Preserve by default
• c517378 Make options more explicit expectations
• 7cbf239 Support spec-valid whitespace
• a64158a Update dependencies
• 3f4e7fa Fix documentation for warning option
• 86637d1 Only transform var() functions
• 59ba7a6 Preserve declaration comments

See the full diff

Package name: postcss-custom-selectors

The new version differs by 13 commits.

• aadf18c 5.0.0
• 77742dd Use PostCSS 7
• 17d2d63 Merge pull request Remove logos from repo? MoOx/postcss-cssnext#35 from postcss/feature/cssdb-badge
• bc926c5 Add CSS Standard Status
• cd71c8f 4.0.1
• e865603 Fix incorrect export
• dbfa0b3 4.0.0
• fb5c007 Update dependencies
• 3ce0cc2 Merge pull request Browser support à la autoprefixer MoOx/postcss-cssnext#32 from Semigradsky/fix-npm-test
• 62ca821 Fix travis config
• 70adb94 Fix `npm test` error
• 53bf235 Merge pull request fix typo in node.js api example MoOx/postcss-cssnext#28 from jonathanKingston/pseudo-class-test
• cf0f7dc Adding in test for multiple selectors with a pseudo class

See the full diff

Package name: postcss-font-variant

The new version differs by 5 commits.

• 9084a34 4.0.0
• ae337a2 Upgrade PostCSS to 7.0.2
• c2666f1 Update README.md heading
• da76fb0 3.0.0
• 83b1556 Changed: Use PostCSS 6 (should handle sourcemap MoOx/postcss-cssnext#9)

See the full diff

Package name: postcss-media-minmax

The new version differs by 10 commits.

• f25abff 4.0.0
• 8a254c6 Update PostCSS
• 9109000 Upgrade to PostCSS 7
• ce59e54 Merge pull request add missing browser option for cli MoOx/postcss-cssnext#20 from postcss/feature/cssdb-badge
• 42ad9ec Add CSS Standard Status
• 00291bb chore: add npmpub for release
• 26cc94d Merge pull request grunt/gulp plugin MoOx/postcss-cssnext#18 from jonathantneal/feature/postcss6
• 97e0861 3.0.0
• 470737f Update comment test
• 712582a Use PostCSS 6

See the full diff

Package name: postcss-nesting

The new version differs by 31 commits.

• 87c6d34 7.0.0
• 84fe507 Upgrade PostCSS to 7.0.2
• d4691eb 6.0.0
• 34a3aae Fix cssdb badge and link
• 78f9cd1 5.0.0
• f51dda6 4.2.1
• c857ccf Move transform into its own function
• 8f7122e Update dev dependencies
• 524d34e 4.2.0
• 8c13c72 Normalize CHANGELOG
• 8de8fc8 Reduce the splitting of rules
• 5e2fc78 Update devDependencies
• bfb37c3 Update README
• d868e49 Add CSS Standard Status
• 27c3311 Update gitignore
• 7afb45a Update dependencies
• 4d16c84 4.1.0
• 9dab9a6 Use spaces in Markdown files
• 7eacf48 Use mutation-safe walk method (Round issue MoOx/postcss-cssnext#45)
• 6a09374 fix: a case in which test rule will compose another valid CSS qualified name (add gray() function MoOx/postcss-cssnext#44)
• 410cfc7 4.0.1
• b638e5a Improve selector validity testing
• 4b783f9 Update .travis.yml
• c1cd77f 4.0.0

See the full diff

Package name: postcss-pseudo-class-any-link

The new version differs by 12 commits.

• 9ff821a 6.0.0
• 104eb53 Upgrade postcss version to v7
• 3c97d97 5.0.0
• bdf0d11 Update README.md badges
• 1cdccca Add CSS Standard Status
• 4d07b59 Update .gitignore
• 806ae5b Add .editorconfig
• a70212a Update dependencies
• 877bfc4 4.0.0
• c2ac798 3.0.1
• 3b8eaa5 3.0.0
• 0e8c8d8 Support postcss-apply ([Snyk] Fix for 3 vulnerabilities #5)

See the full diff

Package name: postcss-selector-matches

The new version differs by 8 commits.

• adc8f08 4.0.0
• 76589c1 Upgrade postcss to v7
• c9df668 Merge pull request website MoOx/postcss-cssnext#15 from postcss/feature/cssdb-badge
• 016dc99 Add CSS Standard Status
• d3370bc 3.0.1
• e9ecf08 Fix incorrect export
• b701fa6 3.0.0
• 0206644 Update dependencies

See the full diff

Package name: postcss-selector-not

The new version differs by 15 commits.

• 12ed317 4.0.0
• a980515 Ensure escaped colons do not break selector transformations
• 0508237 Upgrade postcss version
• 77c5e7f Update README.md - cssdb stage
• 2a4964b Merge pull request cli: should read from stdin and write to stdout MoOx/postcss-cssnext#12 from Nemo64/patch-1
• 52d9119 fixed [Snyk] Fix for 1 vulnerabilities #4
• 618e446 Merge pull request should handle sourcemap MoOx/postcss-cssnext#9 from postcss/feature/cssdb-badge
• d45e8c9 Add CSS Standard Status
• a85a52f 3.0.1
• 83f3c8e Fix incorrect export (should add lots of support for color MoOx/postcss-cssnext#8)
• efa6b4d 3.0.0
• 075aa5c Merge pull request should handle custom media queries MoOx/postcss-cssnext#7 from Semigradsky/master
• c260886 Update dependencies
• c154f29 Merge pull request [Snyk] Fix for 1 vulnerabilities #2 from timaschew/patch-1
• 94858d5 typo fix

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 More lessons are available in Snyk Learn