[Snyk] Fix for 8 vulnerabilities

[mattdanielbrown]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/benchmarks/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	529/1000 Why? Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-WEBPACKBUNDLEANALYZER-174190	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 80 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file ([fix] Picker default font styles necolas/react-native-web#860)
• e7525c9 test: nested url (SafeAreaView is not implemented necolas/react-native-web#859)
• 7259faa test: css hacks (Add ability to provide render callback necolas/react-native-web#858)
• 5e6034c feat: allow to filter import at-rules (Usage with Flow necolas/react-native-web#857)
• 5e702e7 feat: allow filtering urls (Fix relatedTarget regression necolas/react-native-web#856)
• 9642aa5 test: css stuff (relatedTarget missing from focus and blur events necolas/react-native-web#855)
• 3338656 fix: reduce number of require for url (build works but render fail necolas/react-native-web#854)
• 533abbe test: issue 636 (How to remove this lib from my project? necolas/react-native-web#853)
• 08c551c refactor: better warning on invalid url resolution (transitionProperty and transitionTimingFunction order does not match necolas/react-native-web#852)
• b0aa159 test: issue Fix example in README necolas/react-native-web#589 (errors in build necolas/react-native-web#851)
• f599c70 fix: broken unucode characters (Status bar necolas/react-native-web#850)
• 1e551f3 test: issue 286 (How do you use react-native libraries? necolas/react-native-web#849)
• 419d27b docs: improve readme (Fire 'onLayout' when elements are resized necolas/react-native-web#848)
• d94a698 refactor: webpack-default (Ability to render Touchable as <button> on web necolas/react-native-web#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes (Merge styles into one className necolas/react-native-web#845)
• 8a6ea10 refactor: postcss plugins (Getting the browser DOM node necolas/react-native-web#844)
• fdcf687 fix: url resolving logic (Flow typing for react-native-web components not working necolas/react-native-web#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Some icons in react-native-vector-icons can not send requests! necolas/react-native-web#842)
• ee2d253 test: importLoaders option (DeviceEventEmitter is converted nothing necolas/react-native-web#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) (react-native-web necolas/react-native-web#840)
• fe94ebc test: icss reserved keywords (react-native-web necolas/react-native-web#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin ([fix] Import react-art only client side to avoid crash necolas/react-native-web#838)

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 04f90c5 4.26.0
• e1df721 Merge pull request #8392 from vkrol/cherry-pick-terser-to-webpack-4
• a818def fix for changed API in terser plugin warningsFilter
• b39abf4 Rename test directories too
• 311a728 Switch from uglifyjs-webpack-plugin to terser-webpack-plugin
• a230148 Merge pull request #8351 from DeTeam/chunk-jsdoc-typo
• 7a0af76 Fix a typo in Chunk#split jsdoc comment
• 2361995 4.25.1
• e2a2016 Merge pull request #8338 from webpack/bugfix/issue-8293
• babe736 replace prefix/postfix even when equal for wrapped context
• dcd0d59 test for #8293
• af123a8 Merge pull request #8334 from webpack/bugfix/lint
• 36eb0bb move azure specific commands to azure-pipelines.yml
• 290094e 4.25.0
• 355590e Merge pull request #8250 from Aladdin-ADD/patch-3
• 0293c3a Merge pull request #8279 from smelukov/support-entry-progress
• 1ea411b Merge pull request #8139 from NaviMarella/FormatManifest
• 4b72635 exclude watch test cases
• e35d084 increase test timeout
• 6be1411 move schema into definitions
• 3d74504 add missing hooks to progress
• 56d8a8f prevent writing the same message multiple times to stderr
• 64e3826 use flags to show different parts of the progress message
• 8c5e74f Merge branch 'master' into support-entry-progress

See the full diff

Package name: webpack-bundle-analyzer

The new version differs by 132 commits.

• 345c3f5 v3.3.2
• a615815 Merge pull request Initial update to ListView functionality necolas/react-native-web#264 from webpack-contrib/fix-escape-regression
• 20f2b4c Fix regression with escaping internal assets
• 9836649 v3.3.1
• d1db526 Remove outdated item from troubleshooting section
• ca34279 Merge pull request Touchable Opacity props warnings necolas/react-native-web#261 from webpack-contrib/relative-links-to-assets
• 99818f9 Fix changelog
• 21722d2 Add changelog entry
• ed99c32 Use relative links for serving internal assets
• 3ce1b8c Merge pull request Button component: Add to web support necolas/react-native-web#262 from webpack-contrib/proper-js-escape
• 5385936 Add changelog entry
• e5091ce Properly escape embedded JS/JSON
• 81ec8b3 Update changelog
• 5f80d17 Merge pull request ListView implementation necolas/react-native-web#260 from webpack-contrib/fix-help-command
• 0404322 Fix showing help message on `-h`
• 30786eb Fix link to PR
• 838fef4 v3.3.0
• 26a1474 Merge pull request Touchable not working necolas/react-native-web#257 from webpack-contrib/fix-context-menu-positioning
• b22015a Fix positioning of the context menu when sidebar is pinned
• 49ce234 Merge pull request Provide source files (allow npm install via git with a building step) necolas/react-native-web#256 from webpack-contrib/update-dev-deps
• fe3c71e Update dev dependencies
• 4a232f0 Merge pull request [fix] NetInfo event handler registration necolas/react-native-web#246 from bregenspan/add-context-menu
• 2b53d43 Document event type
• 83adbbb Re-open context menu immediately when different bundle is selected

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Arbitrary Code Execution
🦉 Denial of Service
🦉 More lessons are available in Snyk Learn