FriendsOfSymfony / FOSJsRoutingBundle

A pretty nice way to expose your Symfony routing to client applications.

fix: remove webpack-inject-plugin dependency #464

Closed ar10642 closed 9 months ago

ar10642 commented 1 year ago

An attempt to replace the dependency on webpack-inject-plugin with the Webpack BannerPlugin instead.

All tests pass, it seems to work in my local project that uses it. Apologies if I've missed something here or not done something I was supposed to. I am doing this because my company has a requirement for libraries to not have critical security issues.

As mentioned in https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/issues/454

kissifrot commented 11 months ago

Wish it could be merged 🙏

mdriessen commented 11 months ago

@tobias-93 This issue also showed up in our security scans. Can this fix be merged?

critical        Prototype pollution in webpack loader-utils
Package         loader-utils
Patched in      >=1.4.1
Dependency of   fos-router
Path            fos-router > webpack-inject-plugin > loader-utils
More info       https://www.npmjs.com/advisories/1094088
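As an added illustration of the bug class in that audit finding (example code written for this page, not loader-utils', webpack-inject-plugin's or fos-router's code): a minimal dotted-key query parser whose attacker-controlled key segments walk onto Object.prototype, beside a hardened version that uses prototype-less containers and rejects the dangerous segments. The parser shape, the `__proto__.polluted=yes` input and the deny-list are constructed assumptions for the demonstration; the actual loader-utils change is described only by the advisory linked above.

```javascript
// Constructed illustration of the prototype-pollution bug class from the audit
// finding above. Not loader-utils' code: a minimal "a.b=1" dotted-key query
// parser is enough to show how an attacker-controlled key reaches
// Object.prototype and why Object.create(null) plus a key deny-list closes it.

function splitPairs(query) {
  return query
    .split("&")
    .map((pair) => {
      const idx = pair.indexOf("=");
      if (idx < 0) return null;
      return {
        path: decodeURIComponent(pair.slice(0, idx)).split("."),
        value: decodeURIComponent(pair.slice(idx + 1)),
      };
    })
    .filter(Boolean);
}

// Vulnerable: every key segment is trusted. "__proto__.polluted=yes" makes the
// walk step from the result object onto Object.prototype, so the final write
// lands on every plain object in the process.
function parseQueryVulnerable(query) {
  const result = {};
  for (const { path, value } of splitPairs(query)) {
    let node = result;
    for (const seg of path.slice(0, -1)) {
      if (typeof node[seg] !== "object" || node[seg] === null) node[seg] = {};
      node = node[seg];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Hardened: prototype-less containers, own-property checks while walking, and
// an explicit rejection of the segments that can reach a prototype chain.
const FORBIDDEN_SEGMENTS = new Set(["__proto__", "constructor", "prototype"]);

function parseQueryHardened(query) {
  const result = Object.create(null);
  for (const { path, value } of splitPairs(query)) {
    const bad = path.find((seg) => FORBIDDEN_SEGMENTS.has(seg));
    if (bad !== undefined) {
      throw new Error(`rejected key segment "${bad}" in query "${query}"`);
    }
    let node = result;
    for (const seg of path.slice(0, -1)) {
      const own = Object.prototype.hasOwnProperty.call(node, seg);
      if (!own || typeof node[seg] !== "object") node[seg] = Object.create(null);
      node = node[seg];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Runs both parsers against the same payload and reports what a bystander
// object (created before either call) sees afterwards.
function demonstrate() {
  const bystander = {};
  const payload = "__proto__.polluted=yes"; // constructed attacker input

  parseQueryVulnerable(payload);
  const afterVulnerable = bystander.polluted; // "yes": global pollution
  delete Object.prototype.polluted; // undo the damage before continuing

  let hardenedRejected = false;
  try {
    parseQueryHardened(payload);
  } catch (e) {
    hardenedRejected = true;
  }
  return { afterVulnerable, hardenedRejected, afterHardened: bystander.polluted };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demonstrate());
  console.log(parseQueryHardened("route=homepage&params.id=42"));
}
```

The deny-list is defence in depth: with `Object.create(null)` the walk can no longer reach a prototype through `__proto__`, but rejecting the segment outright makes the failure loud in logs instead of silently creating an own property called `__proto__`.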

tobias-93 commented 10 months ago

Hi @ar10642, sorry for the delayed response. What did you change in router.js and router.min.js? If it is just line endings then please revert, so the scope of this change is as clean as possible. Then I can merge this, I cannot test since I'm not using this method in my projects but if other developers see this work it's good to me. Thanks!

tacman commented 10 months ago

On a related note, with AssetMapper I've been using the npm version of fos-router.

bin/console importmap:require fos-routing