Closed ar10642 closed 9 months ago
Wish it could be merged 🙏
@tobias-93 This issue also showed up in our security scans. Can this fix be merged?
critical │ Prototype pollution in webpack loader-utils
Package │ loader-utils
Patched in │ >=1.4.1
Dependency of │ fos-router
Path │ fos-router > webpack-inject-plugin > loader-utils
More info │ https://www.npmjs.com/advisories/1094088
Hi @ar10642, sorry for the delayed response. What did you change in router.js and router.min.js? If it is just line endings then please revert, so the scope of this change is as clean as possible. Then I can merge this. I cannot test since I'm not using this method in my projects, but if other developers see this work it's good to me. Thanks!
On a related note, with AssetMapper I've been using the npm version of fos-router.
bin/console importmap:require fos-routing
An attempt to replace the dependency on webpack-inject-plugin with the WebpackBannerPlugin instead. All tests pass, it seems to work in my local project that uses it. Apologies if I've missed something here or not done something I was supposed to. I am doing this because my company has a requirement for libraries to not have critical security issues.
As mentioned in https://github.com/FriendsOfSymfony/FOSJsRoutingBundle/issues/454