-
Notifications
You must be signed in to change notification settings - Fork 801
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
loader-utils vulnerability upgrade #1442
Comments
Hey Any update on this |
I would like to help also, if its a good for first bug |
bump |
There's also CVE-2022-37601 loader-utils 1.0.0 to 2.0.2 are affected, patched as of 2.0.3 loader-utils fix PR webpack/loader-utils#217 & release https://github.com/webpack/loader-utils/releases/tag/v2.0.3 |
Following. Would appreciate if we could remove the dependency on loader-utils by dropping support for webpack 4. |
I have updated the react-hot-loader dependency with version with version 4.13.0 but still I am getting the older loader-utils version in the package.json. Any suggestions? Is there anything which I am missing? |
@NidhiLearning - please use 4.13.1 |
Hello :)
loader-utils dependency released a new version (2.0.0) about a month ago, in which they fixed a vulnerability following a snyk report. I would appreciate if you could update loader-utils to the latest version.
webpack/loader-utils#165
https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764
Thank you very much in advance
The text was updated successfully, but these errors were encountered: