Do you want to request a feature, report a bug or ask a question?
Vulnerability
What is the current behavior?
Running npm audit fix suggests rolling back svg-sprite-loader to 2.0.3
What is the expected behavior?
Being able to use the latest version
Please tell us about your environment:
Node.js version: 16.14.0
webpack version: 5.72.1
svg-sprite-loader version: 6.0.11
OS type & version: windows 10
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)
`postcss <7.0.36
Severity: moderate
Regular Expression Denial of Service in postcss - https://github.com/advisories/GHSA-566m-qj78-rww5
fix available via npm audit fix --force
Will install svg-sprite-loader@2.0.3, which is a breaking change
node_modules/postcss
svg-baker >=1.2.5
Depends on vulnerable versions of postcss
node_modules/svg-baker
svg-baker-runtime >=1.4.0-alpha.10475b37
Depends on vulnerable versions of svg-baker
node_modules/svg-baker-runtime
svg-sprite-loader >=2.0.4
Depends on vulnerable versions of svg-baker
Depends on vulnerable versions of svg-baker-runtime
node_modules/svg-sprite-loader
4 moderate severity vulnerabilities
To address all issues (including breaking changes), run:
npm audit fix --force`
Do you want to request a feature, report a bug or ask a question? Vulnerability
What is the current behavior? Running
npm audit fix
suggests rolling back svg-sprite-loader to2.0.3
What is the expected behavior? Being able to use the latest version
Please tell us about your environment:
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)