MaximeCheramy
commented
1 year ago There is also a critical vulnerability:
loader-utils <2.0.3
Severity: critical
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
No fix available
node_modules/loader-utils
node_modules/svg-baker/node_modules/loader-utilsDirect dependency:
├─┬ svg-sprite-loader@6.0.11
│ ├── loader-utils@1.4.0
Do you want to request a feature, report a bug or ask a question?
What is the current behavior?
What is the expected behavior?
If the current behavior is a bug, please provide the steps to reproduce, at least part of webpack config with loader configuration and piece of your code. The best way is to create repo with minimal setup to demonstrate a problem (package.json, webpack config and your code). It you don't want to create a repository - create a gist with multiple files
If this is a feature request, what is motivation or use case for changing the behavior?
Please tell us about your environment:
Other information (e.g. detailed explanation, stacktraces, related issues, suggestions how to fix, links for us to have context, eg. stackoverflow, gitter, etc)
┬ svg-sprite-loader@6.0.11 │ └─┬ svg-baker@1.7.0 │ ├─┬ postcss-prefix-selector@1.16.0 │ │ └── postcss@8.4.18 deduped │ └── postcss@5.2.18
its dependencies postcss@5.2.18. postcss@5.2.18 is need to upgrade https://github.com/advisories/GHSA-566m-qj78-rww5