[Snyk] Security upgrade ts-loader from 7.0.5 to 8.0.14

[jayjay7984]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/yarnpkg-builder/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: ts-loader

The new version differs by 42 commits.

• 268bc69 chore(deps): upgrade most production deps ([Case Study] does load esm modules supported? yarnpkg/berry#1237)
• e160564 Add a cache to file path mapping (feat: hide secrets in yarn config commands yarnpkg/berry#1228)
• 14fa3f8 Add documentation about performance profiling ([Bug] Yarn does not work with WSL / UNC paths yarnpkg/berry#1230)
• 3cc78b8 Fix typo in README.md ([Feature] version plugin: add --all flag to version command yarnpkg/berry#1229)
• 8f2a509 Add documentation for the useCaseSensitiveFileNames option ([Feature] Clean/delete dist before building yarnpkg/berry#1227)
• 566e6ce Instead of checking date, check time thats more accurate to see if something has changed (docs: add note about relative paths yarnpkg/berry#1217)
• 172ebeb Feature/typescript 4 1 (Cleanup .bin folders from node_modules yarnpkg/berry#1213)
• 0816fe9 Add peer dependencies for Yarn PnP ([Bug] Hot reloading broken when saving a file from a workspace that has peerDependencies listed yarnpkg/berry#1209)
• 4909d99 Fixed missing errors in watch mode in webpack5 ([Bug]Not able to install yarn 2 yarnpkg/berry#1208)
• 3f73e98 Fix failed builds when using thread-loader (Reenable plugin-compat for all the linkers yarnpkg/berry#1207)
• e90f8ad Fix memory leak when using multiple webpack instances (Updates to the latest TS patch yarnpkg/berry#1205)
• 95050eb Speeds up project reference build and doesnt store the result in memory (docs(config): hint at using enableGlobalCache instead of cacheFolder yarnpkg/berry#1202)
• f99c7c4 doc: escape pipe in table (Add changesetBaseRef configuration option for versioning (#1195) yarnpkg/berry#1201)
• 0b4a86d Replace afterCompile to stop webpack 5 warning ([Feature] Allow private packages to be used as a workspace: dependency. yarnpkg/berry#1200)
• 6d8d601 Fixed deprecation warnings on webpack@5. ([Feature] version plugin: Support non-master bases yarnpkg/berry#1195)
• cafc933 Fix installation link on README.md (Add @yarnpkg/libzip to dynamicLibs yarnpkg/berry#1192)
• f5e901e Bump http-proxy in /examples/react-babel-karma-gulp (Speedup fetch step by limiting concurrency on network requests only yarnpkg/berry#1182)
• 0767bce add github action status badge (chore: remove node 8 polyfills yarnpkg/berry#1190)
• db5ea55 Feature/upgrade testpack to ts4 ([Bug] vscode tsserver crashed when using typescript in a monorepo yarnpkg/berry#1189)
• 95b6fe8 Uses existing instance if config file is same as already built solution ([Feature] Return "engines" check yarnpkg/berry#1177)
• b38678a Update minimum compiler version to 3.6.3 ([Bug] Error: typescript [...] Cannot apply hunk #7  yarnpkg/berry#1188)
• f8eba53 Add documentation and example code for projectReferences ([Bug] During link step, attempting to rm nested node_modules causes errors if node_modules is a docker volume or similar yarnpkg/berry#1184)
• 46d9761 Update docs to show transpileOnly does not affect project references ([Feature] disable lockfile yarnpkg/berry#1175)
• 0e64ceb Fix getOptionsHash when two options has different props but same values. ([node-modules] Adds support for creating link: to a missing folder yarnpkg/berry#1170)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated
berry	✅ Ready (Inspect)	Visit Preview	Nov 4, 2022 at 7:27PM (UTC)