loader-utils vulnerability upgrade #1442
Assignees
Comments
|
Hey Any update on this |
|
I would like to help also, if its a good for first bug |
|
bump |
|
There's also CVE-2022-37601 loader-utils 1.0.0 to 2.0.2 are affected, patched as of 2.0.3 loader-utils fix PR webpack/loader-utils#217 & release https://github.com/webpack/loader-utils/releases/tag/v2.0.3 |
|
Following. Would appreciate if we could remove the dependency on loader-utils by dropping support for webpack 4. |
|
I have updated the react-hot-loader dependency with version with version 4.13.0 but still I am getting the older loader-utils version in the package.json. Any suggestions? Is there anything which I am missing? |
|
@NidhiLearning - please use 4.13.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello :)
loader-utils dependency released a new version (2.0.0) about a month ago, in which they fixed a vulnerability following a snyk report. I would appreciate if you could update loader-utils to the latest version.
webpack/loader-utils#165
https://app.snyk.io/vuln/SNYK-JS-MINIMIST-559764
Thank you very much in advance
The text was updated successfully, but these errors were encountered: