Open z-zp opened 2 years ago
There is also a critical vulnerability:
loader-utils <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
No fix available
node_modules/loader-utils
node_modules/svg-baker/node_modules/loader-utils
Direct dependency:
├─┬ svg-sprite-loader@6.0.11
│ ├── loader-utils@1.4.0
And also a critical vulnerability in htmlparser2. It is recommended to update htmlparser2 to v5+
└─┬ svg-sprite-loader@6.0.11
  └─┬ svg-baker@1.7.0
    └─┬ posthtml-svg-mode@1.0.3
      └─┬ posthtml-parser@0.2.1
        └── htmlparser2@3.10.1
Actually, is this package still somehow maintained?
Do you want to request a feature, report a bug or ask a question?
What is the current behavior?
What is the expected behavior?
If the current behavior is a bug, please provide the steps to reproduce, at least part of webpack config with loader configuration and piece of your code. The best way is to create repo with minimal setup to demonstrate a problem (package.json, webpack config and your code). If you don't want to create a repository, create a gist with multiple files
If this is a feature request, what is motivation or use case for changing the behavior?
Please tell us about your environment:
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)
┬ svg-sprite-loader@6.0.11
│ └─┬ svg-baker@1.7.0
│   ├─┬ postcss-prefix-selector@1.16.0
│   │ └── postcss@8.4.18 deduped
│   └── postcss@5.2.18
Its dependencies include postcss@5.2.18. postcss@5.2.18 needs to be upgraded: https://github.com/advisories/GHSA-566m-qj78-rww5