Critical Vulnerabilities

Aintaer / import-glob-loader

Globbing preloader for Webpack

50 stars 16 forks source link

Critical Vulnerabilities #16

Open cognaciousthunk opened 1 year ago

cognaciousthunk commented 1 year ago

Currently getting the following on npm install using import-glob-loader with webpack

Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
No fix available
node_modules/import-glob-loader/node_modules/loader-utils
  import-glob-loader  *
  Depends on vulnerable versions of loader-utils
  node_modules/import-glob-loader

2 critical severity vulnerabilities

ymzkjpx commented 1 year ago

@cognaciousthunk Hi. I faced the same problem too. Thank you for listing the ISSUE first.

It may be important to wait for this author's response, but I solved the problem by using this package. I will be glad if it helps. terpiljenya/import-glob: ES6 import with glob patterns (preloader for Webpack) https://github.com/terpiljenya/import-glob