> npm audit
High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS) via url variable
Package loader-utils
Patched in >=1.4.2
Dependency of fos-router
Path fos-router > webpack-inject-plugin > loader-utils
More info https://github.com/advisories/GHSA-3rfm-jhwj-7488
High loader-utils is vulnerable to Regular Expression Denial of
Service (ReDoS)
Package loader-utils
Patched in >=1.4.2
Dependency of fos-router
Path fos-router > webpack-inject-plugin > loader-utils
More info https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Critical Prototype pollution in webpack loader-utils
Package loader-utils
Patched in >=1.4.1
Dependency of fos-router
Path fos-router > webpack-inject-plugin > loader-utils
More info https://github.com/advisories/GHSA-76p3-8jx3-jpfq
There is an issue with loader-utils, a dependency of webpack-inject-plugin: loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
loader-utils have patched this issue, however webpack-inject-plugin have not updated or patched this.
I did notice a recommendation to deprecate the package in favour of BannerPlugin:
adierkens/webpack-inject-plugin - Issue #66 - Deprecate this plugin and suggest using the BannerPlugin instead