Shuunen / green-app

NativeScript-Vue 2.0 Test App
https://play.google.com/store/apps/details?id=green.nsvue.app
GNU General Public License v3.0
5 stars 0 forks source link

Update dependency loader-utils [SECURITY] #723

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change
loader-utils 1.2.3 -> 1.4.2
loader-utils 2.0.2 -> 2.0.4

GitHub Vulnerability Alerts

CVE-2022-37601

Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils prior to version 2.0.3 via the name variable in parseQuery.js.

CVE-2022-37599

A regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils via the resourcePath variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.

CVE-2022-37603

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js. A badly or maliciously formed string could be used to send crafted requests that cause a system to crash or take a disproportional amount of time to process. This issue has been patched in versions 1.4.2, 2.0.4 and 3.2.1.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.



This PR has been generated by Mend Renovate. View repository job log here.