unescapeString doesn't properly unescape unicode characters

[pieter]

The following are valid unicode escaped strings:

• '\a'
• '\00000A'

Both of these aren't matched by unescapeString(), which wants to have at least 2 characters and a maximum of 5. In fact stringifyValues() can stringily to '\A', which then can't be parsed again by parseValues().

[track0x1]

Can we please have this fix put in and bump the version in css-loader?