Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

loader-utils vulnerability upgrade #1442

Open
niryarden opened this issue Apr 23, 2020 · 7 comments
Open

loader-utils vulnerability upgrade #1442

niryarden opened this issue Apr 23, 2020 · 7 comments
Assignees

Comments

@niryarden
Copy link

Hello :)

loader-utils dependency released a new version (2.0.0) about a month ago, in which they fixed a vulnerability following a snyk report. I would appreciate if you could update loader-utils to the latest version.

webpack/loader-utils#165
https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764

Thank you very much in advance

@theKashey theKashey self-assigned this Apr 23, 2020
@Shivam60
Copy link

Hey Any update on this

@Shivam60
Copy link

I would like to help also, if its a good for first bug

@mateBe95
Copy link

bump

@psierks
Copy link
Contributor

psierks commented Oct 26, 2022

There's also CVE-2022-37601

loader-utils 1.0.0 to 2.0.2 are affected, patched as of 2.0.3

loader-utils fix PR webpack/loader-utils#217 & release https://github.com/webpack/loader-utils/releases/tag/v2.0.3

@dodo0822
Copy link

Following. Would appreciate if we could remove the dependency on loader-utils by dropping support for webpack 4.

@NidhiLearning
Copy link

I have updated the react-hot-loader dependency with version with version 4.13.0 but still I am getting the older loader-utils version in the package.json. Any suggestions? Is there anything which I am missing?

@theKashey
Copy link
Collaborator

@NidhiLearning - please use 4.13.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

7 participants